On Mon, Jun 15, 2009 at 5:46 AM, Phil Pennock openssl-...@spodhuis.org wrote:
When RFC 5246 came out, specifying TLS 1.2 and having all mandated
cipher suites use SHA-256, we assumed that to aid the transition OpenSSL
would add EVL_sha256() to the list of digests initialised in
On 2009-06-15 at 11:02 +0200, Bodo Moeller wrote:
On Mon, Jun 15, 2009 at 5:46 AM, Phil Pennock openssl-...@spodhuis.org wrote:
When RFC 5246 came out, specifying TLS 1.2 and having all mandated
cipher suites use SHA-256, we assumed that to aid the transition OpenSSL
would add EVL_sha256()
Phil Pennock wrote:
The approach of the Exim MTA to cryptography is simple -- don't
second-guess the SSL library developers when it comes to choosing which
algorithms/digests/etc to load, and provide a knob
(tls_require_ciphers) for administrators to restrict what can be
loaded. The MTA
On 2009-06-15 at 14:17 -0700, David Schwartz wrote:
Phil Pennock wrote:
The approach of the Exim MTA to cryptography is simple -- don't
second-guess the SSL library developers when it comes to choosing which
algorithms/digests/etc to load, and provide a knob
(tls_require_ciphers) for
Phil Pennock wrote:
That just won't work. Cryptography is not a drop in a library and mark a
checkbox on your product thing. It has to be properly integrated in an
application with decisions made as to what the application actually needs,
what threat models it faces, and so on.