[Pkg-openssl-devel] Building alpha3 with -DOPENSSL_TLS_SECURITY_LEVEL=2
Sebastian Andrzej Siewior
sebastian at breakpoint.cc
Wed Jun 17 21:14:43 BST 2020
On 2020-06-17 22:00:30 [+0200], Kurt Roeckx wrote:
> > So how do we get DEFAULT at SECLEVEL=2 and MinProtocol = TLSv1.2 by default
> > and so that it could be overridden?
>
> The plan is to get older versions disabled by disabling SHA1 and
> MD5 at security level 1.
So you say we don't disable TLS1.0+TLS1.1 by default but we don't allow
SHA1 as MAC, and since SHA256/AEAD is only defined in TLSv1.2 we
would end up with no common cipher for <TLSv1.2.
Okay. I'll try to remember this. Are the wheels in motion for this plan?
> Kurt
Sebastian