[openssl-dev] [openssl.org #3627] Enhancement request: add more "Protocol" options for SSL_CONF_CTX
Steffen Nurpmeso
sdaoden at yandex.com
Thu Dec 11 13:09:15 UTC 2014
"Salz, Rich via RT" <rt at openssl.org> wrote:
|> I'd love to see a version of bettercrypto.org that only \
|> has to say "to configure
|> OpenSSL version 1.0.3 and higher, you should use the string BEST_PRACTICE"
|
|That can happen but not by embedding magic strings into code. See
But isn't TLSv1.2 also a magic string?
I mean i hope we come to an end with this soon...
But doesn't a OpenSSL library installation _as such_ represent
such an immense combination of magic, regarding the internal
configuration settings..?
I wouldn't have a problem if you would add even more VULNERABLE,
also to other _CONF_ settings. But i'm simple minded and as of
today "Protocol" is just about anything that my thing is concerned
of. :-)
--steffen
More information about the openssl-dev
mailing list