[openssl-dev] [openssl.org #3627] Enhancement request: add more "Protocol" options for SSL_CONF_CTX
Steffen Nurpmeso via RT
rt at openssl.org
Thu Dec 11 12:51:22 UTC 2014
Yoav Nir <ynir.ietf at gmail.com> wrote:
|> On Dec 9, 2014, at 1:24 PM, Steffen Nurpmeso via RT <rt at openssl.org> \
|> wrote:
|> "Salz, Rich" <rsalz at akamai.com> wrote:
|>|I think magic names -- shorthands -- are a very bad idea. \
|>
|> I _completely_ disagree.
|>
|>| They are point-in-time statements whose meaning evolves, \
|>|if not erodes, over time.
|>
|> Because i don't think that a normal user, or even normal
|> administrators and programmers is and are willing or even capable
|> to understand what they are doing.
|decision than most administrators. Nevertheless, if upgrading \
|OpenSSL from version X to version Y causes a ciphersuite (or \
|TLS version) to be dropped into VULNERABLE, there are going \
|to be angry phone calls from users whose browser or application \
|has stopped working. It is the administrator who is going \
Applications don't need to use -VULNERABLE/+SECURE.
Heck, the monster ones have become so intransparent that i have to
place such an enormous trust into them that i only use one,
Firefox, but that does terrible things and there is no knob that
i can toggle wheresoever. (I've used Opera for over a decade and
am very new to Firefox: i'm pretty sure there is some kind of
registry that experienced users can tweak. But still: certainly
neither in the Advanced nor the Security Tab.)
_How_ i would appreciate being able to enter -VULNERABLE in some
text field. And have a nicer and easier exception handling, too.
Can be imagined.
--steffen
More information about the openssl-dev
mailing list