[cryptography] anyone got a "how not to use OpenSSL" list?

travis+ml-rbcryptography at subspacefield.org travis+ml-rbcryptography at subspacefield.org
Wed Oct 10 16:26:29 EDT 2012


On Wed, Oct 10, 2012 at 08:56:29PM +0100, Patrick Mylund Nielsen wrote:
> One thing that I've sadly seen more times than I can shake a stick at
> is people leaving in aNULL/eNULL, or not including !aNULL:!eNULL in
> their cipher suite list.

I should point out, I meant from a source code and not an
operational/environmental perspective... though all such information
is entertaining...
-- 
http://www.subspacefield.org/~travis/
Any sufficiently advanced magic is indistinguishable from reality.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 834 bytes
Desc: not available
URL: <http://lists.randombit.net/pipermail/cryptography/attachments/20121010/98429236/attachment.asc>


More information about the cryptography mailing list