Source: sflphone Severity: grave Tags: security I just saw this in the code: SSL_CTX_set_cipher_list(ctx, "ALL"); This enables ciphers you don't want, it might include those that don't provide authentication or encryption. Kurt