[PATCH] OpenSSL: lower priority for CBC ciphers in default cipherlist

Michael Tremer michael.tremer at ipfire.org
Tue Jun 11 10:38:09 BST 2019


okay. So let’s save all those changes for the next Core Update so that we only have one line in the change log and can communicate it concisely.


> On 10 Jun 2019, at 20:30, Peter Müller <peter.mueller at ipfire.org> wrote:
> Hello Michael,
>> Do you intend to do more changes to let’s say the Apache cipher suites?
> At the moment, no. I plan to remove AES-CBC at the end of the year
> or if more dangerous vulnerabilities show up; I am afraid we cannot
> do this for OpenVPN/IPsec GUIs as well.
> Thanks, and best regards,
> Peter Müller
> -- 
> The road to Hades is easy to travel.
> 	-- Bion of Borysthenes

More information about the Development mailing list