Disable EXPORT and LOW SSLv3+ ciphers by default

Reviewed-by: Emilia Käsper <emilia@openssl.org>
author: Viktor Dukhovni <openssl-users@dukhovni.org> 2016-02-19 13:05:11 -0500
committer: Matt Caswell <matt@openssl.org> 2016-03-01 11:20:35 +0000
commit: bc38a7d2d3c6082163c50ddf99464736110f2000 (patch)
tree: bcda9d38b12406a65418e6c353538f375f7ba07e /CHANGES
parent: 1b1d8ae49a41c89a33d9902fc7304cf8accc3f67 (diff)
download: openssl-new-bc38a7d2d3c6082163c50ddf99464736110f2000.tar.gz
1 files changed, 5 insertions, 0 deletions
diff --git a/CHANGES b/CHANGES
index a02079ff33..e63fce2fef 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,11 @@
 
  Changes between 1.0.2f and 1.0.2g [xx XXX xxxx]
 
+  * Disable weak ciphers in SSLv3 and up in default builds of OpenSSL.
+    Builds that are not configured with "enable-weak-ssl-ciphers" will not
+    provide any "EXPORT" or "LOW" strength ciphers.
+    [Viktor Dukhovni]
+
   * Disable SSLv2 default build, default negotiation and weak ciphers.  SSLv2
     is by default disabled at build-time.  Builds that are not configured with
     "enable-ssl2" will not support SSLv2.  Even if "enable-ssl2" is used,
author	Viktor Dukhovni <openssl-users@dukhovni.org>	2016-02-19 13:05:11 -0500
committer	Matt Caswell <matt@openssl.org>	2016-03-01 11:20:35 +0000
commit	bc38a7d2d3c6082163c50ddf99464736110f2000 (patch)
tree	bcda9d38b12406a65418e6c353538f375f7ba07e /CHANGES
parent	1b1d8ae49a41c89a33d9902fc7304cf8accc3f67 (diff)
download	openssl-new-bc38a7d2d3c6082163c50ddf99464736110f2000.tar.gz