> -----Original Message----- > From: openssl-users [mailto:openssl-users-bounces at openssl.org] On Behalf Of Oliver Niebuhr > > The Qt Wiki says, the following Parameters are minimum recommended: > no-ssl2 no-ssl3 no-idea no-mdc2 no-rc5 > > My Questions are: > 1.) Are there any other Parameters that should be used? I also add no-comp -DOPENSSL_NO_HEARTBEAT no-md2. no-md2 might be a default. Check Configure Options at https://wiki.openssl.org/index.php/Compilation_and_Installation for some other things you might not need, like no-srp no-psk no-dtls no-npn no-krb5 etc. If this is a dedicated library for your application, I suggest you disable all features and ciphers you won't be using, for example, no-bf no-sha1 no-md5 no-seed etc.... If you control both ends, you could even distill it down to a single protocol cipher suite, like ECDHE-ECDSA-AES128-GCM-SHA256 with TLS1.2.
