On Thu, Oct 16, 2014 at 09:41:29AM +0200, Christian Kellermann wrote: > Thomas Chust <[email protected]> writes: > > So I would like to poll for opinions from people on this list > > concerning this situation. Do you think the default options in the > > OpenSSL egg should be "hardened"? Do you think more options should be > > introduced? Is compatibility with the rest of the internet a concern > > at all? ;-) > > Despite many valid reasons for keeping the old ones activated, I'd like > to see the old Versions dropped from the default setting. The longer > people keep them around the longer they will stay. Also I'd explicitly > turn *on* certificate verification, as painful as this may be. If the > ssl egg silently accepts invalid certificates it creates a false sense > of security to the user. If someone needs all these features they know > that and will turn them back on.
An emphatic +1 on that from me. Cheers, Peter -- http://www.more-magic.net _______________________________________________ Chicken-users mailing list [email protected] https://lists.nongnu.org/mailman/listinfo/chicken-users
