wolfssl icon indicating copy to clipboard operation
wolfssl copied to clipboard

Published 20 hours ago verified publisher icon wolfSSL

disable weak ssl ciphers by default?

Open vuvova opened this issue 4 years ago • 2 comments

Since 25 Aug 2016 OpenSSL disables RC4 by default, one needs to enable it explicitly using the enable-weak-ssl-ciphers option to Configure.

Should WolfSSL also do it, define NO_RC4 by default? For example,

#ifndef ENABLE_RC4
#define NO_RC4
#endif

vuvova avatar Jul 26 '21 14:07 vuvova

Hi @vuvova ,

Our RC4 is disabled by default in ./configure, but you are right if providing build options manually NO_RC4 must be defined.

./configure --help | grep rc4
  --enable-arc4           Enable ARC4 (default: disabled)

You will also notice all our template user_settings.h have NO_RC4 defined: https://github.com/wolfSSL/wolfssl/tree/master/examples/configs

I've made note of this and will discuss internally.

Thanks, David Garske, wolfSSL

dgarske avatar Jul 26 '21 16:07 dgarske

Hi @vuvova ,

Thank you for this report. I've put up a PR #4260 to resolve this. Let me know if you see any issues.

Thanks, David Garske, wolfSSL

dgarske avatar Jul 28 '21 17:07 dgarske

Closing this older issue as resolved.

embhorn avatar Aug 23 '22 12:08 embhorn