> From: openssl-users [mailto:openssl-users-bounces@xxxxxxxxxxx] On Behalf Of Viktor Dukhovni
> Sent: Thursday, May 31, 2018 03:40
> To: openssl-users@xxxxxxxxxxx
> Subject: Re: stunnel 5.46 released
>
> > On May 31, 2018, at 3:27 AM, Michał Trojnara <Michal.Trojnara@xxxxxxxxxxx> wrote:
> >
> > AFAIR EC cipher suites were introduced in OpenSSL 1.0.0, so those LTS
> > systems must be using OpenSSL 0.9.x.
>
> Actually, no. For IP-related reasons, RedHat for a long time
> disabled EC support in OpenSSL 1.0.x. I expect some of those
> systems are still deployed.

As do some other products that use OpenSSL. There's a great deal of FUD regarding ECC.

For the record, I'm with Viktor on this. WeakDH does not justify disabling finite-field DHE entirely; that's a misinterpretation of the WeakDH discovery. There's no advantage to having !DH in the default cipher string.

--
Michael Wojcik
Distinguished Engineer, Micro Focus