[openssl-dev] [openssl.org #3627] Enhancement request: add more "Protocol" options for SSL_CONF_CTX

Steffen Nurpmeso via RT rt at openssl.org
Tue Dec 9 11:24:31 UTC 2014


"Salz, Rich" <rsalz at akamai.com> wrote:
 |I think magic names -- shorthands -- are a very bad idea. \

I _completely_ disagree.

 | They are point-in-time statements whose meaning evolves, \
 |if not erodes, over time.

Because i don't think that a normal user, or even normal
administrators and programmers is and are willing or even capable
to understand what they are doing.
How many people have read all the RFCs that are involved?
And how many people have sufficient knowledge to _really_
understand the mathematical concepts and actual algorithms?

Personally i am willing to put enough trust in the OpenSSL team
*even insofar* as i now do 'set ssl-protocol="ALL,-VULNERABLE"'
and leave the task of deciding what is VULNERABLE up to you.
Imagine that.
I have already implemented the necessary _CONF_ wrapper for
OpenSSL v1.0.1 and it'll give you a hand (shall the list receive
this message).

--steffen



