> I support Henry in his goal and would vastly prefer an OpenSSL that flatly > refused to use known insecure algorithms. Even for old "data at rest"? -- Senior Architect, Akamai Technologies IM: richsalz at jabber.at Twitter: RichSalz