SSLeay - Whats the story...

[Enzo Michelangeli]

On Fri, 4 Aug 1995, Alex Tang wrote:

> 
> just wondering but...What are the intrinsic points of weakness?  

Perry Metzger and Mark Chen have recently expressed some criticism, and
Adam Shostack, around the end of May, posted a review that hilighted a 
number of potential problem areas.

Personally, I especially dislike the use of RC4-40 (yes, other algorithms 
are supported, but not using the export version of Netscape Navigator); 
the excessively large portion of the handshaking data exchanged as 
cleartext; and the limitations in certificate management (no provisions 
for verifying the revocation status with a CA).