Richard Laager <[email protected]>:
> If "cipher" is for TLS:
OK, that was the idea.
> Rename cipher to ciphers (plural) and add a second one named
> ciphersuites. You'll need two for testing anyway, as OpenSSL takes TLS
> 1.2 and 1.3 cipher specifications separately.
>
> Then those are just done for the final scenario. Note that a single
> cipher name is a valid cipher list, which would force that particular
> cipher. So "ciphers" (plural) is usable exactly identically to how you
> have spec'ed cipher for testing, but is also useful in production.
>
> The documentation should be something like:
> +ciphers+ _string_::
> An OpenSSL cipher list to configure the allowed ciphers for TLS
> versions up to and including TLS 1.2.
>
> +ciphersuites+ _string_::
> An OpenSSL ciphersuite list to configure the allowed ciphersuites for
> TLS 1.3.
I guess it will have to be an empty string that disables encryption.
I will make this change and push.
--
<a href="http://www.catb.org/~esr/";>Eric S. Raymond</a>
My work is funded by the Internet Civil Engineering Institute: https://icei.org
Please visit their site and donate: the civilization you save might be your own.
_______________________________________________
devel mailing list
[email protected]
http://lists.ntpsec.org/mailman/listinfo/devel
