On 9 December 2014 at 11:35, Steffen Nurpmeso <sdao...@yandex.com> wrote:
> Richard Moore <richmoor...@gmail.com> wrote:
> |On 8 December 2014 at 19:20, Steffen Nurpmeso via RT <r...@openssl.org> wrote:
> |> and finally i propose three new values for the "Protocol" slot of
> |> SSL_CONF_CTX_cmd(): OLDEST, NEWEST and VULNERABLE.
> |
> |In Qt we've added an enum value for TLS versions that is SecureProtocols so
> |that we could remove versions as required without requiring apps to be
> |updated. It's an open question which is more likely to get updated - Qt or
> |the apps of course. For Qt 5.4 which is due out this week we've removed
> |SSL3 from this enum so apps will silently get updated to drop support for
> |it.
>
> I see. And i think this is the most impressive or, lesser
> enthusiastic, important feature of the slow _CONF_ interface: that
> users can use strings and that those are directly swallowed by the
> OpenSSL library, so that neither recompilation nor understanding
> is necessary on the program side in order to upgrade to a new
> level of security.
>

The API we offer in Qt isn't tied to openssl so we can't do that. We also support a Windows RT backend and a SecureTransport backend is under development too.

> (As a side note: SecureProtocols is such a Volvo wording...
> Doesn't vulnerable energises a deeper feeling of insecurity?
> I think Hitchcock would have used the naked and bare vulnerable.)
>

That's partly due to the API naming conventions for enums. :-)

Rich.