[openssl-dev] [openssl.org #3627] Enhancement request: add more "Protocol" options for SSL_CONF_CTX

Steffen Nurpmeso sdaoden at yandex.com
Tue Dec 9 11:27:38 UTC 2014


"Kurt Roeckx via RT" <rt at openssl.org> wrote:
 |On Mon, Dec 08, 2014 at 08:20:44PM +0100, Steffen Nurpmeso via RT wrote:
 |> and finally I propose three new values for the "Protocol" slot of
 |> SSL_CONF_CTX_cmd(): OLDEST, NEWEST and VULNERABLE.
 |
 |I actually find the option unfortunate and I think it should have
 |been one that sets the minimum and maximum version.  But I think
 |we're too late in the 1.0.2 process to still change this.

A good benefit for a three line patch.
Being able to say "-ALL,>=TLSv1.1" etc. is surely on the list of
many, and much more complicated to implement than that.

--steffen