> On 03 Nov 2015, at 23:08, Gunnar Haslinger <gh.bettercry...@hitco.at> wrote: > > Am 03.11.2015 um 22:38 schrieb Aaron Zauner: >> I recommend double-checking a cipherstring recommendation against >> >> *all* 0.9.8 and 1.0.1 branches. > > OK ... thats harder than I expected. > But than it seems to be unsolvable for me to get a predictable situation by > recommending a fixed "Cipher Suite B" String. > > Maybe the recommendation should not be a fixed CipherString but a > OpenSSL/Distri-specific String? >
This comes back to our idea for bettercrypto which we had ~ a year ago (or even longer ;-) - to make a drop down menu website where you select your OS, your distri version, ssl lib version and clients you want to support -> click “generate cipher string” and there you go. However, this is probably needs some kind of automatic regression/compatibility testing. > Or maybe it's possible to write a Script which checks out what OpenSSL offers > on this specific platform and "brute-force-tests" with the very common > configuration-Options what fits best against to be defined > "BetterCrypto-Rules”?Maybe. Maybe. How much work can it be? > > > _______________________________________________ > Ach mailing list > Ach@lists.cert.at > http://lists.cert.at/cgi-bin/mailman/listinfo/ach
signature.asc
Description: Message signed with OpenPGP using GPGMail
_______________________________________________ Ach mailing list Ach@lists.cert.at http://lists.cert.at/cgi-bin/mailman/listinfo/ach
