If it supported the null cipher by default, users would be a single misconfiguration away from losing all security. By forcing the few who have a legitimate need for a null cipher to patch and recompile, this risk is reduced.
It's the same reason reputable crypto libraries avoid implementing things like the TLS null cipher suites (they exist), and also why the new TLS 1.3 protocol has only PFS suites and AEAD.
That's very risky.
If it supported the null cipher by default, users would be a single misconfiguration away from losing all security. By forcing the few who have a legitimate need for a null cipher to patch and recompile, this risk is reduced.
It's the same reason reputable crypto libraries avoid implementing things like the TLS null cipher suites (they exist), and also why the new TLS 1.3 protocol has only PFS suites and AEAD.