[PATCH] OpenSSL: lower priority for CBC ciphers in default cipherlist

Michael Tremer michael.tremer at ipfire.org
Tue Jun 11 10:38:09 BST 2019


Hi,

okay. So let’s save all those changes for the next Core Update so that we only have one line in the change log and can communicate it concisely.

-Michael

> On 10 Jun 2019, at 20:30, Peter Müller <peter.mueller at ipfire.org> wrote:
> 
> Hello Michael,
> 
>> Do you intend to do more changes to let’s say the Apache cipher suites?
> At the moment, no. I plan to remove AES-CBC at the end of the year
> or if more dangerous vulnerabilities show up; I am afraid we cannot
> do this for OpenVPN/IPsec GUIs as well.
> 
> Thanks, and best regards,
> Peter Müller
> -- 
> The road to Hades is easy to travel.
> 	-- Bion of Borysthenes



More information about the Development mailing list