> My number one complaint is that it seems like the defaults are generally set > up to do the wrong things, and the application has to either explicitly set > "yes, you should be secure" options or do stuff on its own. This seems to > have been getting better - gaining hostname validation, for instance - but > really a client should be able to say "give me a secure connection to > host:port" and have sensible and secure things happen with a single call. > Maybe two, one to create a handle and the other to actually set up the > connection (to allow for intervening calls that customize the connection).
I agree with you, but a problem is that “safe and secure” changes over time when new crypto and other new features are added. And then users get upset when their connections no longer work. I think the right approach is to be able to specify a policy, then at least you know what you’re signing up for. Right now it’s a collection of low-level things. And the policy is “SECLEVEL” which ain’t great.
-- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users