[openssl-dev] Proposed cipher changes for post-1.0.2

Viktor Dukhovni openssl-users at dukhovni.org
Fri Feb 13 14:52:23 UTC 2015


On Fri, Feb 13, 2015 at 11:59:13AM +0000, Salz, Rich wrote:

> > Some time ago, I had submitted a patch which allows administrators, but
> > most importantly OS distributors to set their own strings in the configuration
> > file, which software can then rely on, to provide a consistent security level:
> > https://github.com/openssl/openssl/pull/192
> 
> And my intent is to pull this into master pretty soon.

And applications would need to opt-in to having this new profile
apply, or more usefully need to be able to choose which
application-specific file contains the desired profile.  there's
no such thing as a universal profile that works for all software.

We may not need a patch for this, I thought we were about to deprecate
OpenSSL_config() with its void return status and encourage folks
to use the NCONF API, which should be able to handle this, or be close
in any case.

-- 
	Viktor.


More information about the openssl-dev mailing list