[openssl-users] [Question] What are the current secure Configure Parameter?

Oliver Niebuhr googleersatz at oliverniebuhr.de
Thu Mar 10 04:42:36 UTC 2016


Hello.

I am using OpenSSL from within the Qt Project / QtWebEngine.

The Qt Wiki says, the following Parameters are minimum recommended:
no-ssl2 no-ssl3 no-idea no-mdc2 no-rc5

Since 1.0.2g, SSL2 has been removed completely. So no-ssl2 is not needed
anymore.

My Questions are:
1.) Are there any other Parameters that should be used?
2.) What are the Parameters for a 'Paranoid' build aka absolute Security
without any comprimises?

Use Case:
OpenSSL get invoked by QtWebEngine automatically. There is no direct use
from my side - yet.

The QtWebEngine based Browser Widget is part of something like a
"Software Suite": It will not replace Standard Browser like Firefox.

Everything older than TLS 1.0 should not be supported.

This Software Suite is used 99 Percent on private PCs and not in a
Enterprise Environment.

But it must still be secure as possible to transceive Personal Data
(i.e. Database Entries), Chat etc.

Project is in "Alpha" State - there is no VServer or something similar
yet to concentrate Communication etc.

The (OpenSSL)Server Setup will be based on what you Experts have to say.

Environment:
Under Windows 7 to Windows 10: CygWin / MSVC 2015 (compilation done
under Win10).

Under Antergos Linux (KDE): GCC 4.9.2 (not tested yet if Qt can be built
with GCC >=5.x as the Qt Framework is 4.9.x based).

Thank You for your Time!
And please forgive me my horrible english :)
Oliver

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 884 bytes
Desc: OpenPGP digital signature
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20160310/009f7538/attachment.sig>


More information about the openssl-users mailing list