On Wed, Jan 22, 2014 at 02:08:58AM +0000, brian m. carlson wrote:
> On Tue, Jan 21, 2014 at 09:49:01PM -0300, Antonio Terceiro wrote:
> > While this is fair enough, I tend to agree with Ruby upstream that if
> > this is a problem in openssl, it should be fixed there and not in every
> > SSL client that uses OpenSSL:
> >
> > $ apt-cache rdepends libssl1.0.0 | wc -l
> > 743
>
> According to man ciphers(1ssl):
>
> DEFAULT
>     the default cipher list. This is determined at compile time and,
>     as of OpenSSL 1.0.0, is normally ALL:!aNULL:!eNULL. This must be
>     the first cipher string specified.
> aNULL
>     the cipher suites offering no authentication.
>
> So the default in OpenSSL is not to offer cipher suites that don't
> provide authentication. Ruby must therefore be overriding this.

You might also want to read:
http://openssl.6102.n7.nabble.com/openssl-org-3231-default-ciphers-include-insecure-export-cipher-suites-td48106.html

Kurt
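
A way to check, on a given build, what the quoted ciphers(1ssl) text says about DEFAULT and aNULL. This is an added example, not part of the original message: it expands a cipher string with Python's ssl module and lists any suites whose description carries Au=None. The function names and the sample description line are assumptions made for the illustration.

```python
import re
import ssl

# Constructed sample: one line in the format OpenSSL uses to describe a suite.
SAMPLE_ANON = "ADH-AES256-SHA SSLv3 Kx=DH Au=None Enc=AES(256) Mac=SHA1"


def auth_of(description):
    """Return the Au= (authentication) field of an OpenSSL cipher description."""
    match = re.search(r"\bAu=(\S+)", description)
    return match.group(1) if match else None


def unauthenticated_suites(cipher_string):
    """Expand cipher_string against the linked OpenSSL and return the names
    of the suites it enables that offer no authentication (Au=None)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    try:
        ctx.set_ciphers(cipher_string)
    except ssl.SSLError:
        # The string selects no suite at all in this build.
        return []
    return sorted(
        c["name"] for c in ctx.get_ciphers()
        if auth_of(c["description"]) == "None"
    )


def audit(cipher_strings):
    """Map each cipher string to the unauthenticated suites it enables."""
    return {s: unauthenticated_suites(s) for s in cipher_strings}


if __name__ == "__main__":
    # DEFAULT and its documented expansion, plus ALL for comparison
    # (ALL does not exclude aNULL by itself).
    report = audit(["DEFAULT", "ALL:!aNULL:!eNULL", "ALL"])
    print(ssl.OPENSSL_VERSION)
    for cipher_string, names in report.items():
        status = ", ".join(names) if names else "no unauthenticated suites"
        print(f"{cipher_string}: {status}")
```

An application that sets its own cipher string can be audited the same way by passing that string to `unauthenticated_suites`; what is listed for a string that does not exclude aNULL depends on the OpenSSL version and its configured security level.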