really drop SSLv2

Daniel J Blueman daniel.blueman at
Sun Aug 8 20:38:01 UTC 2010

On 5 August 2010 12:17, Jim Tarvid <tarvid at> wrote:
> On Wed, Aug 4, 2010 at 6:05 PM, Kees Cook <kees at> wrote:
>> Hi Jim,
>> On Wed, Aug 04, 2010 at 09:44:25AM -0400, Jim Tarvid wrote:
>> > Why not kill the weak ciphers too?
>> Sure! Can you send a patch for this?

> Many thought and caveats.
> Old browsers may not be able to negotiate SSLCipherSuite HIGH. I don't know
> and I don't care
> Only the most ancient browsers will not be able to negotiate TLSv1 or SSLv3.
> see #1

> Daniel J Blueman may want NULL (eNULL) instead of NONE

Good info, but no cigar:

$ ssh -o ciphers=NULL x1
command-line line 0: Bad SSH2 cipher spec 'NULL'.

I guess I should select it a different way? 'none' is a valid cipher
when enabled in the configure script.

Daniel J Blueman

More information about the ubuntu-server mailing list