[openssl-dev] Proposed cipher changes for post-1.0.2
Viktor Dukhovni
openssl-users at dukhovni.org
Fri Feb 13 14:52:23 UTC 2015
On Fri, Feb 13, 2015 at 11:59:13AM +0000, Salz, Rich wrote:
> > Some time ago, I had submitted a patch which allows administrators, but
> > most importantly OS distributors to set their own strings in the configuration
> > file, which software can then rely on, to provide a consistent security level:
> > https://github.com/openssl/openssl/pull/192
>
> And my intent is to pull this into master pretty soon.
And applications would need to opt-in to having this new profile
apply, or more usefully need to be able to choose which
application-specific file contains the desired profile. there's
no such thing as a universal profile that works for all software.
We may not need a patch for this, I thought we were about to deprecate
OpenSSL_config() with its void return status and encourage folks
to use the NCONF API, which should be able to handle this, or be close
in any case.
--
Viktor.
More information about the openssl-dev
mailing list