diff options
author | Matt Caswell <matt@openssl.org> | 2016-03-03 15:40:51 +0000 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2016-03-04 10:04:06 +0000 |
commit | 8b1a5af389fb962c7d00ffc9d003c81078033e7b (patch) | |
tree | c8e4ed539f9a711c85cbff3b62b38736b5dd29af /CHANGES | |
parent | f04abe7d500eeebc078a0ffb0e82997d5f62b2df (diff) |
Don't build RC4 ciphersuites into libssl by default
RC4 based ciphersuites in libssl have been disabled by default. They can
be added back by building OpenSSL with the "enable-weak-ssl-ciphers"
Configure option at compile time.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Diffstat (limited to 'CHANGES')
-rw-r--r-- | CHANGES | 5 |
1 files changed, 5 insertions, 0 deletions
@@ -4,6 +4,11 @@ Changes between 1.0.2g and 1.1.0 [xx XXX xxxx] + *) RC4 based libssl ciphersuites are now classed as "weak" ciphers and are + disabled by default. They can be re-enabled using the + enable-weak-ssl-ciphers option to Configure. + [Matt Caswell] + *) If the server has ALPN configured, but supports no protocols that the client advertises, send a fatal "no_application_protocol" alert. This behaviour is SHALL in RFC 7301, though it isn't universally |