[openssl-dev] [openssl.org #3627] Enhancement request: add more "Protocol" options for SSL_CONF_CTX

Richard Moore via RT rt at openssl.org
Wed Dec 10 21:39:38 UTC 2014


On 10 December 2014 at 19:26, Daniel Kahn Gillmor <dkg at fifthhorseman.net>
wrote:

> Programs which use the OpenSSL library generally just want to flip a
> switch and know that they've "turned on security", instead of trying to
> expose dozens of complex controls to the user or administrator.  The
> closer OpenSSL can come to that ideal, the more likely its users will
> have reasonably strong crypto without having to learn the dirty dirty
> details and history of TLS and its predecessors.
>

My experience suggests that while that might be what some developers want,
that's not what users want. They expect that if it works in the browser it
should work everywhere - even when the browser is jumping through hoops
like fetching missing intermediate certificates, downgrading security etc.
If the world were perfect and the browsers didn't do this then life would
be a lot easier.

Cheers

Rich.


