[cryptography] anyone got a "how not to use OpenSSL" list?
pgut001 at cs.auckland.ac.nz
Sat Oct 13 02:22:19 EDT 2012
Patrick Mylund Nielsen <cryptography at patrickmylund.com> writes:
>Guess what his optimization was. Yup, he tried every combination of things in
>SSLCipherSuite and simply chose the one with the lest CPU...
I've run into similar things, I've had (potential) users of my software reject
it because it didn't support the NULL_WITH_NULL cipher suite. I guess their
checklist just said "must use SSL" without going into further detail.
One company that I remember this being an issue with was a large bank...
More information about the cryptography