[openssl-users] [Question] What are the current secure Configure Parameter?
googleersatz at oliverniebuhr.de
Thu Mar 10 04:42:36 UTC 2016
I am using OpenSSL from within the Qt Project / QtWebEngine.
The Qt Wiki says, the following Parameters are minimum recommended:
no-ssl2 no-ssl3 no-idea no-mdc2 no-rc5
Since 1.0.2g, SSL2 has been removed completely. So no-ssl2 is not needed
My Questions are:
1.) Are there any other Parameters that should be used?
2.) What are the Parameters for a 'Paranoid' build aka absolute Security
without any comprimises?
OpenSSL get invoked by QtWebEngine automatically. There is no direct use
from my side - yet.
The QtWebEngine based Browser Widget is part of something like a
"Software Suite": It will not replace Standard Browser like Firefox.
Everything older than TLS 1.0 should not be supported.
This Software Suite is used 99 Percent on private PCs and not in a
But it must still be secure as possible to transceive Personal Data
(i.e. Database Entries), Chat etc.
Project is in "Alpha" State - there is no VServer or something similar
yet to concentrate Communication etc.
The (OpenSSL)Server Setup will be based on what you Experts have to say.
Under Windows 7 to Windows 10: CygWin / MSVC 2015 (compilation done
Under Antergos Linux (KDE): GCC 4.9.2 (not tested yet if Qt can be built
with GCC >=5.x as the Qt Framework is 4.9.x based).
Thank You for your Time!
And please forgive me my horrible english :)
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 884 bytes
Desc: OpenPGP digital signature
More information about the openssl-users