On 08/15/2013 04:36 AM, Tim Ruehsen wrote: > Maybe a new option like --secure-options=... for expert users would be better > than recycling --secure-protocol. > wgetrc should have two settings like secureoptionsgnutls and > secureoptionsopenssl. For when a user changes these settings and than > switches > between wget-gnutls and wget-openssl.
I like this idea. On the GnuTLS mailing list, it is often encouraged
for applications which use the library to expose the priority string to
their users as a setting.
> Beside this 'expert' option, there should be a an 'everyones' option to
> force/enable PFS, using --secure-protocol as I already suggested.
My only concern about this is what a mirroring/recursive wget would do
if it encountered an http:// or ftp:// link within its initial https://
fetch. Would wget --secure-protocol refuse to fetch the cleartext link
(thereby failing to fully mirror), or would it go ahead and fetch it
(thereby failing to require a secure protocol)?
--dkg
signature.asc
Description: OpenPGP digital signature
