[openssl-users] Appropriate use of SSL_CTX_set_cipher_list()
Ryan Beethe
ryan at splintermail.com
Tue Jul 17 22:36:47 UTC 2018
I am writing a cross-platform C application, which I would like to
release for a variety of operating systems (Windows 7+, macOS
High Sierra, Debian 8+, Ubuntu 14.04+, Fedora 27+, CentOS 7+, Arch Linux,
at least for now).
Up to now, I have had a line of code which prepares an SSL_CTX object,
something like this:

    SSL_CTX_set_cipher_list(ctx->ctx, CIPHERS);

where `CIPHERS` was set to "HIGH:MED:!aNULL:!kRSA:!PSK:!SRP:!MD5:!RC4".
However, I realized that Fedora's packaging standards [1] require me to
eliminate this line or use the special value "PROFILE=SYSTEM" for
CIPHERS.
So that makes me nervous about whether or not I am using
SSL_CTX_set_cipher_list() wrong. Should I be calling it at all? And if
so, where would I find the "right" setting for other operating systems,
since "PROFILE=SYSTEM" appears to be Fedora-specific?
Ryan
[1] https://fedoraproject.org/wiki/Packaging:CryptoPolicies