On Tue, May 2, 2017 at 4:42 PM, Daniel <dferra...@gmail.com> wrote:
> ould these changes/choices be permanent after different releases of httpd?
> If not, what if httpd "choices" settings as commented  at the beginning of
> this thread screw the need for a very important client with java 1.crap
> which can handle DH just fine but after accepting the ciphert if the private
> key is bigger than XXXX it will fail, maybe the Mr. and Ms. Normal won't be
> able to figure out since they changed nothing and the thing just started
> failing for them?

They upgraded. The few broken users will have a better chance of
understanding what changed from CHANGES or the manual then most users
have of understanding what "HIGH:!PSK:!aNULL:!EXP:!SRP" really
"means".

I think to be useful, reasonable SSL defaults have to be subject to
change in maintenance (and over-rideable)

-- 
Eric Covener
cove...@gmail.com

Reply via email to