On 05/31/2018 06:15 AM, Viktor Dukhovni wrote: > I expect there are still plenty of LTS RedHat systems that > ship without EC support, though yes anything reasonably > up to date, will have EC support. AFAIR EC cipher suites were introduced in OpenSSL 1.0.0, so those LTS systems must be using OpenSSL 0.9.x. In 2018 this is asking for trouble, and a clear evidence that they don't care about security... > Ultimately of course up to you and your users, I think I've > made my case as well as I could. Good luck. Indeed. Thank you. I highly appreciate your input. Defining an acceptable security margin for algorithms is tough, especially with QC predictions in mind... Best regards, Mike
Attachment:
signature.asc
Description: OpenPGP digital signature
-- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
