[openssl-users] [Question] What are the current secure Configure Parameter?
Oliver Niebuhr
googleersatz at oliverniebuhr.de
Thu Mar 10 04:42:36 UTC 2016
Hello.
I am using OpenSSL from within the Qt Project / QtWebEngine.
The Qt Wiki says, the following Parameters are minimum recommended:
no-ssl2 no-ssl3 no-idea no-mdc2 no-rc5
Since 1.0.2g, SSL2 has been removed completely. So no-ssl2 is not needed
anymore.
My Questions are:
1.) Are there any other Parameters that should be used?
2.) What are the Parameters for a 'Paranoid' build aka absolute Security
without any comprimises?
Use Case:
OpenSSL get invoked by QtWebEngine automatically. There is no direct use
from my side - yet.
The QtWebEngine based Browser Widget is part of something like a
"Software Suite": It will not replace Standard Browser like Firefox.
Everything older than TLS 1.0 should not be supported.
This Software Suite is used 99 Percent on private PCs and not in a
Enterprise Environment.
But it must still be secure as possible to transceive Personal Data
(i.e. Database Entries), Chat etc.
Project is in "Alpha" State - there is no VServer or something similar
yet to concentrate Communication etc.
The (OpenSSL)Server Setup will be based on what you Experts have to say.
Environment:
Under Windows 7 to Windows 10: CygWin / MSVC 2015 (compilation done
under Win10).
Under Antergos Linux (KDE): GCC 4.9.2 (not tested yet if Qt can be built
with GCC >=5.x as the Qt Framework is 4.9.x based).
Thank You for your Time!
And please forgive me my horrible english :)
Oliver
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 884 bytes
Desc: OpenPGP digital signature
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20160310/009f7538/attachment.sig>
More information about the openssl-users
mailing list