Opened 9 years ago
Closed 9 years ago
#1846 closed enhancement (fixed)
Update to use 'HIGH' ciphers as default in OpenSSL
| Reported by: | ming | Owned by: | bennylp |
|---|---|---|---|
| Priority: | normal | Milestone: | release-2.4.5 |
| Component: | applications | Version: | trunk |
| Keywords: | | Cc: | |
| Backport to 1.x milestone: | | Backported: | no |
Description
In March 2015, a TLS/SSL security vulnerability was revealed which
requires disabling certain TLS cipher-suites
<https://en.wikipedia.org/wiki/FREAK>. Furthermore, since February 2015,
RFC 7465 prohibits the cipher-suite RC4. To achieve this with OpenSSL, the
cipher-suite list has to be changed from "DEFAULT" to "HIGH". Furthermore,
all ciphers which were not included in "DEFAULT" before (like eNULL) should
not appear now either. Therefore: HIGH:-COMPLEMENTOFDEFAULT.
Special thanks to Alexander Traud for his excellent suggestion, description, and patch.
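
One way to check what the cipher string from this ticket enables on a given OpenSSL build, as an added example (it is not part of the ticket or of the pjsip patch). It uses Python's `ssl` module, which wraps the locally linked OpenSSL; the helper names and the description markers it matches on are choices made for this example.

```python
import ssl

# Tokens in OpenSSL's textual cipher description that mark what the ticket
# wants excluded (marker table is an assumption of this example).
WEAK_MARKERS = {
    "RC4": lambda t: t.startswith("Enc=RC4"),   # prohibited by RFC 7465
    "export": lambda t: t == "export",          # export-grade, abused by FREAK
    "eNULL": lambda t: t.startswith("Enc=None"),  # no encryption
    "aNULL": lambda t: t.startswith("Au=None"),   # unauthenticated key exchange
}

def suites(cipher_string):
    """Return {name: cipher-info dict} for the suites OpenSSL selects."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.set_ciphers(cipher_string)  # raises ssl.SSLError if nothing matches
    return {c["name"]: c for c in ctx.get_ciphers()}

def weak(cipher_string):
    """Return {suite name: [weakness labels]} for suites that should be gone."""
    found = {}
    for name, info in suites(cipher_string).items():
        tokens = info["description"].split()
        labels = [label for label, hit in WEAK_MARKERS.items()
                  if any(hit(t) for t in tokens)]
        if labels:
            found[name] = labels
    return found

def min_strength(cipher_string):
    """Smallest effective key strength (bits) among the selected suites."""
    return min(c["strength_bits"] for c in suites(cipher_string).values())

if __name__ == "__main__":
    print(ssl.OPENSSL_VERSION)
    for spec in ("DEFAULT", "HIGH", "HIGH:-COMPLEMENTOFDEFAULT"):
        print(f"{spec}: {len(suites(spec))} suites, "
              f"min {min_strength(spec)} bits, weak: {weak(spec) or 'none'}")
    # Suites that plain HIGH would enable but the ticket's string drops.
    dropped = set(suites("HIGH")) - set(suites("HIGH:-COMPLEMENTOFDEFAULT"))
    print("removed by -COMPLEMENTOFDEFAULT:", sorted(dropped) or "none")
```

The output depends on the OpenSSL version and its configured security level, so run it against the same library the application links to.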
Change History (1)
comment:1 Changed 9 years ago by ming
- Resolution set to fixed
- Status changed from new to closed
In 5078: