Hello Michael, thanks for your comments.

> Hi,
>
> I think I can ACK this although we definitely should change the default. I have raised that a couple of times before.

Yes. This is true for IPsec as well... Patch is in my pipeline...

> I also do not like having a very long list of ciphers that are weak. There are not too many left which are “strong”. But yeah, what can you do?

As far as I am concerned, there is little "strong" cryptography left indeed. It's basically only TLS >= 1.2 with AEAD (e.g. GCM) ciphers and Forward Secrecy.

Speaking about RFC 8446, this is more or less what survived discussions before standardizing TLS 1.3 ... :-)

> I will wait for Erik to ack this, too.
>
> -Michael

Thanks, and best regards,
Peter Müller

--
The road to Hades is easy to travel.
-- Bion of Borysthenes
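The "TLS >= 1.2, AEAD ciphers, Forward Secrecy" rule from the reply above, turned into a checkable policy. This is an added example, not code from the thread, the patch under discussion, or IPFire; it assumes OpenSSL-style suite names as returned by Python's `ssl` module, and the cipher string `STRONG_CIPHERS` is my own choice of how to express that rule, not one the thread quotes. It builds a hardened client context, then audits which suites a context actually offers (both the hardened one and an OpenSSL `DEFAULT` list) against the three criteria.

```python
"""Audit TLS cipher suites against the policy: TLS >= 1.2, AEAD bulk cipher,
(EC)DHE key exchange for forward secrecy. Added example, not from the thread."""
import ssl

# Assumed cipher string (my expression of the policy, not one from the thread):
# ephemeral (EC)DHE key exchange only, AEAD bulk ciphers only, no anonymous
# or null suites. TLS 1.3 suites are handled separately by OpenSSL and are
# always AEAD with an ephemeral key share, so they need no entry here.
STRONG_CIPHERS = (
    "ECDHE+AESGCM:ECDHE+CHACHA20:DHE+AESGCM:DHE+CHACHA20:!aNULL:!eNULL"
)

# OpenSSL naming conventions used by the name-based classifier below.
FS_PREFIXES = ("ECDHE-", "DHE-")            # ephemeral key exchange
AEAD_MARKERS = ("-GCM-", "-CCM", "CHACHA20-POLY1305")


def classify(name: str, protocol: str) -> dict:
    """Classify one suite by the three criteria using only its OpenSSL name
    and the protocol version string (e.g. "TLSv1.2")."""
    if protocol == "TLSv1.3":
        # TLS 1.3 suites (TLS_AES_*, TLS_CHACHA20_*) are AEAD-only and the
        # handshake always negotiates an ephemeral (EC)DHE key share.
        return {"name": name, "tls12_plus": True, "aead": True, "fs": True}
    return {
        "name": name,
        "tls12_plus": protocol == "TLSv1.2",
        "aead": any(marker in name for marker in AEAD_MARKERS),
        "fs": name.startswith(FS_PREFIXES),
    }


def is_acceptable(name: str, protocol: str) -> bool:
    """True only if the suite satisfies all three criteria."""
    verdict = classify(name, protocol)
    return verdict["tls12_plus"] and verdict["aead"] and verdict["fs"]


def hardened_context() -> ssl.SSLContext:
    """Client context restricted to TLS 1.2+ and the STRONG_CIPHERS list."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers(STRONG_CIPHERS)
    return ctx


def default_context() -> ssl.SSLContext:
    """Comparison context using OpenSSL's DEFAULT cipher list, which still
    contains non-forward-secret (static RSA key exchange) and CBC suites."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.set_ciphers("DEFAULT")
    return ctx


def audit_context(ctx: ssl.SSLContext) -> list:
    """Return the names of offered suites that violate the policy.

    Each entry from ctx.get_ciphers() carries OpenSSL's own 'aead' flag; it is
    cross-checked against the name-based classification so a naming edge case
    is reported rather than silently accepted."""
    failures = []
    for suite in ctx.get_ciphers():
        name, protocol = suite["name"], suite["protocol"]
        ok = is_acceptable(name, protocol)
        if ok and not suite.get("aead", False):
            ok = False  # name looked AEAD but OpenSSL disagrees: reject
        if not ok:
            failures.append(name)
    return failures


if __name__ == "__main__":
    strong = hardened_context()
    print("hardened context offers", len(strong.get_ciphers()), "suites,",
          "policy violations:", audit_context(strong))
    weak = default_context()
    print("DEFAULT list violations (first five):", audit_context(weak)[:5])
```

The hardened context should report no violations; the `DEFAULT` list reports the static-RSA and CBC suites, which is the "very long list of ciphers that are weak" the thread complains about, expressed as an allow-list instead of a deny-list.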