Don't build RC4 ciphersuites into libssl by default

RC4 based ciphersuites in libssl have been disabled by default. They can be added back by building OpenSSL with the "enable-weak-ssl-ciphers" Configure option at compile time. Reviewed-by: Rich Salz <rsalz@openssl.org>
author: Matt Caswell <matt@openssl.org> 2016-03-03 15:40:51 +0000
committer: Matt Caswell <matt@openssl.org> 2016-03-04 10:04:06 +0000
commit: 8b1a5af389fb962c7d00ffc9d003c81078033e7b (patch)
tree: c8e4ed539f9a711c85cbff3b62b38736b5dd29af /CHANGES
parent: f04abe7d500eeebc078a0ffb0e82997d5f62b2df (diff)
1 files changed, 5 insertions, 0 deletions
diff --git a/CHANGES b/CHANGES
index 618655816f..f534cf7aaa 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,11 @@
 
  Changes between 1.0.2g and 1.1.0  [xx XXX xxxx]
 
+  *) RC4 based libssl ciphersuites are now classed as "weak" ciphers and are
+     disabled by default. They can be re-enabled using the
+     enable-weak-ssl-ciphers option to Configure.
+     [Matt Caswell]
+
   *) If the server has ALPN configured, but supports no protocols that the
      client advertises, send a fatal "no_application_protocol" alert.
      This behaviour is SHALL in RFC 7301, though it isn't universally
author	Matt Caswell <matt@openssl.org>	2016-03-03 15:40:51 +0000
committer	Matt Caswell <matt@openssl.org>	2016-03-04 10:04:06 +0000
commit	8b1a5af389fb962c7d00ffc9d003c81078033e7b (patch)
tree	c8e4ed539f9a711c85cbff3b62b38736b5dd29af /CHANGES
parent	f04abe7d500eeebc078a0ffb0e82997d5f62b2df (diff)