SSL_CONF_cmd(): SecurityLevel keyword, by chance?

Steffen Nurpmeso steffen at sdaoden.eu
Sat Jan 9 23:24:36 UTC 2021


Hello.

I do use the SSL_CONF_cmd() (and modules) possibility if it exists,
since it allows users to simply use the features of the newest
OpenSSL library without any code changes on my side.
This is great, and i think i applauded in the past.

I discovered security_level(), needless to say i thought
@SECLEVEL= of ciphers(1) was broken until i discovered -s is
required to make it functional (..and do not get me started on
-ciphersuites..).

Wouldn't it make sense to offer SecurityLevel as a keyword for
SSL_CONF_cmd(), and therefore also SSL_CTX_config(), too -- since
it seems (from the manual) to extend to more than what i would
assume to be covered by a @SECLEVEL member of CipherString aka
..Ciphersuites...?

This seems desirable to me.  For now i will not offer
security_level because i would have to implement a special code
path to bypass SSL_CONF_cmd/SSL_CTX_config, which is used
exclusively if available.

Ciao and a good Sunday from Germany i wish,

(P.S.: i have no github account.)

--steffen
|
|Der Kragenbaer,                The moon bear,
|der holt sich munter           he cheerfully and one by one
|einen nach dem anderen runter  wa.ks himself off
|(By Robert Gernhardt)

