SSL_CONF_cmd(): SecurityLevel keyword, by chance?

Matt Caswell matt at openssl.org
Mon Jan 11 09:24:19 UTC 2021



On 09/01/2021 23:24, Steffen Nurpmeso wrote:
> Hello.
> 
> I do use SSL_CONF_cmd() (and modules) possibility if it exists,
> since it allow users to simply use the features of the newest
> OpenSSL library without any code changes on my side.
> This is great, and i think i applauded in the past.
> 
> I discovered security_level(), needless to say i thought
> @SECLEVEL= of ciphers(1) was broken until i discovered -s is
> required to make it functional (..and do not get me started on
> -ciphersuites..).
> 
> Wouldn't it make sense to offer SecurityLevel as a keyword for
> SSL_CONF_cmd(), and therefore also SSL_CTX_config(), too -- since
> it seems (from the manual) to extend to more than what i would
> assume to be covered by a @SECLEVEL member of CipherString aka
> ..Ciphersuites...?

This is probably a good idea. I'd support it if someone wanted to add that.

Matt



More information about the openssl-users mailing list