Re: [openssl.org #3266] [PATCH] Add the SYSTEM cipher keyword

2014-03-31 Thread Nikos Mavrogiannopoulos
On Thu, 2014-03-27 at 19:27 +0100, Dr. Stephen Henson wrote: I'd rather see the ability to add a new section openssl.cnf, like [ cipher-profile ] redhat-recommended = AES256-CGM-SHA384 and then you could do things like -ciphers profile@redhat-recommended:RC4-SHA128

Re: [openssl.org #3266] [PATCH] Add the SYSTEM cipher keyword

2014-03-31 Thread Viktor Dukhovni
On Mon, Mar 31, 2014 at 02:13:22PM +0200, Nikos Mavrogiannopoulos wrote: This looks indeed cleaner, but based on my understanding of openssl, I think the main issues with that, is (1) that applications may not call OPENSSL_config at all, Perhaps to deliberately isolate themselves from

Re: [openssl.org #3266] [PATCH] Add the SYSTEM cipher keyword

2014-03-31 Thread Nikos Mavrogiannopoulos
On Mon, 2014-03-31 at 12:23 +, Viktor Dukhovni wrote: and (2) it is not easy to modify just a single section of that file with system scripts (especially since that file is expected to be modified manually by the administrator). This is likely a good thing. Once a default is set,

Re: [openssl.org #3266] [PATCH] Add the SYSTEM cipher keyword

2014-03-31 Thread Viktor Dukhovni
On Mon, Mar 31, 2014 at 03:39:10PM +0200, Nikos Mavrogiannopoulos wrote: This too feels like intrusive overreach. What problem are you trying to solve? The goal is to allow the configuration of the security level of applications centrally in a system. That is, to not require the

Re: [openssl.org #3266] [PATCH] Add the SYSTEM cipher keyword

2014-03-31 Thread Nikos Mavrogiannopoulos
On Mon, 2014-03-31 at 13:55 +, Viktor Dukhovni wrote: This too feels like intrusive overreach. What problem are you trying to solve? The goal is to allow the configuration of the security level of applications centrally in a system. That is, to not require the administrator to

Re: [openssl.org #3266] [PATCH] Add the SYSTEM cipher keyword

2014-03-31 Thread Tomas Mraz
On Mon, 2014-03-31 at 16:24 +0200, Nikos Mavrogiannopoulos wrote: On Mon, 2014-03-31 at 13:55 +, Viktor Dukhovni wrote: This too feels like intrusive overreach. What problem are you trying to solve? The goal is to allow the configuration of the security level of applications

Re: [openssl.org #3266] [PATCH] Add the SYSTEM cipher keyword

2014-03-27 Thread Viktor Dukhovni
On Tue, Mar 25, 2014 at 05:37:49PM +0100, Tomas Mraz via RT wrote: Can OpenSSL developers please at least say what they think about the acceptability of the SYSTEM keyword support in the cipher string? I'd like to add the support to Fedora openssl package but we would like to see it

RE: [openssl.org #3266] [PATCH] Add the SYSTEM cipher keyword

2014-03-27 Thread Salz, Rich
I am not an OpenSSL developer, but it seems to me that system default cipherlists are not a good idea. +1 I'd rather see the ability to add a new section openssl.cnf, like [ cipher-profile ] redhat-recommended = AES256-CGM-SHA384 and then you could do things like

Re: [openssl.org #3266] [PATCH] Add the SYSTEM cipher keyword

2014-03-27 Thread Dr. Stephen Henson
On Thu, Mar 27, 2014, Salz, Rich wrote: I am not an OpenSSL developer, but it seems to me that system default cipherlists are not a good idea. +1 I'd rather see the ability to add a new section openssl.cnf, like [ cipher-profile ] redhat-recommended = AES256-CGM-SHA384

Re: [openssl.org #3266] [PATCH] Add the SYSTEM cipher keyword

2014-03-27 Thread Kurt Roeckx
On Thu, Mar 27, 2014 at 05:20:06PM +, Viktor Dukhovni wrote: What would an O/S distribution do with SYSTEM that would make it better than DEFAULT or ALL? You really do not want to use DEFAULT. And some people even set it to ALL having no idea what that does. We either need sane defaults,

Re: [openssl.org #3266] [PATCH] Add the SYSTEM cipher keyword

2014-03-27 Thread Viktor Dukhovni
On Thu, Mar 27, 2014 at 08:11:59PM +0100, Kurt Roeckx wrote: On Thu, Mar 27, 2014 at 05:20:06PM +, Viktor Dukhovni wrote: What would an O/S distribution do with SYSTEM that would make it better than DEFAULT or ALL? You really do not want to use DEFAULT. And some people even set it

Re: [openssl.org #3266] [PATCH] Add the SYSTEM cipher keyword

2014-03-25 Thread Tomas Mraz via RT
On Wed, 2014-02-19 at 23:03 +0100, Nikos Mavrogiannopoulos via RT wrote: This keyword allows a program to simply specify SYSTEM in its configuration file and the SSL cipher used will be determined at run-time from a system-specific file. The system default keywords can be extended by appending

[openssl.org #3266] [PATCH] Add the SYSTEM cipher keyword

2014-02-19 Thread Nikos Mavrogiannopoulos via RT
This keyword allows a program to simply specify SYSTEM in its configuration file and the SSL cipher used will be determined at run-time from a system-specific file. The system default keywords can be extended by appending any application-specific ciphers such as SYSTEM:PSK. Such a keyword allows