[cryptography] anyone got a "how not to use OpenSSL" list?

Peter Gutmann pgut001 at cs.auckland.ac.nz
Sat Oct 13 02:22:19 EDT 2012

Patrick Mylund Nielsen <cryptography at patrickmylund.com> writes:

>Guess what his optimization was. Yup, he tried every combination of things in
>SSLCipherSuite and simply chose the one with the least CPU...

I've run into similar things; I've had (potential) users of my software reject
it because it didn't support the NULL_WITH_NULL cipher suite.  I guess their
checklist just said "must use SSL" without going into further detail.

One company that I remember this being an issue with was a large bank...


