On Monday 09 September 2013 10:46:20 Giuseppe Scrivano wrote: > Tim Ruehsen <[email protected]> writes: > > I don't think, we need a change. Even if the priority string 'PFS' will be > > backported to e.g. libgnutls 3.1.x, you still need a current Wget to use > > PFS. And the current Wget falls back to 'NORMAL:-RSA' which is exactly > > the same regarding the used ciphers (even the order is the same). > > The only reason for using the 'PFS' priority string instead of > > 'NORMAL:-RSA' is to enable future changes to PFS ciphers. This is a > > forward compatibility, the backward compatibility is given right now. > > > > Of course there could be a future diversion of 'PFS' and 'NORMAL:-RSA' > > which is than backported to libgnutls < 3.2.4. But maybe we should talk > > about this issue than, or the backporters creates a Wget patch for their > > system !? > > > > However, here is a patch for your suggestion. > > Should Giuseppe decide about it. > > I am mostly following the discussion here, since you have all the > technical details. > > I agree with your analysis that it shouldn't be a problem; but on the > other hand, such a change will simply put us on the safe side and > without any side effect. So I personally have no objection to it :-) > > Thanks you both to keep thinking about this.
Hi Guiseppe, please consider applying this patch... Tim
