Tom, your major changes claim that allow_weak_crypto defaults to false . I thought we decided (and the code seems to agree) that we set it to true. --Sam