[Cryptography] OpenSSL minimal "safe" configuration?

Ray Dillinger bear at sonic.net
Sat Jan 16 01:45:12 EST 2016



On 01/13/2016 05:44 PM, Salz, Rich wrote:
> 
>> I support Henry in his goal and would vastly prefer an OpenSSL that flatly
>> refused to use known insecure algorithms.
> 
> Even for old "data at rest"?

That is what "InsecureSSL" is for.  If you can't secure something
you shouldn't be using the same tool you use for secure data on it,
nor should you be misled into believing that it's secure because
something you think is security software continues to work with it.

				Bear





-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20160115/8690586e/attachment.sig>


More information about the cryptography mailing list