Am 10.03.2016 um 14:49 schrieb Wall, Stephen: > >> -----Original Message----- >> From: openssl-users [mailto:openssl-users-bounces at openssl.org] On Behalf Of Oliver Niebuhr >> >> The Qt Wiki says, the following Parameters are minimum recommended: >> no-ssl2 no-ssl3 no-idea no-mdc2 no-rc5 >> >> My Questions are: >> 1.) Are there any other Parameters that should be used? > > I also add no-comp -DOPENSSL_NO_HEARTBEAT no-md2. > > no-md2 might be a default. > > Check Configure Options at https://wiki.openssl.org/index.php/Compilation_and_Installation for some other things you might not need, like no-srp no-psk no-dtls no-npn no-krb5 etc. If this is a dedicated library for your application, I suggest you disable all features and ciphers you won't be using, for example, no-bf no-sha1 no-md5 no-seed etc.... > > If you control both ends, you could even distill it down to a single protocol cipher suite, like ECDHE-ECDSA-AES128-GCM-SHA256 with TLS1.2. > Thanks. I will take a look at it. Oliver -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 884 bytes Desc: OpenPGP digital signature URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20160314/f219c4c4/attachment.sig>
