On 11/13/2012 03:12 PM, Remigiusz Modrzejewski wrote:
> On Nov 13, 2012, at 15:09, ST wrote:
>
>> Why not put it inside in order not to bother with 3rd party stuff?
>
> To keep the core small?

Also, safer. TLS is a bag of vulnerabilities waiting for a chance* to get out; better to keep it closed, in a separate unprivileged chrooted process.

*) Chances to get out are greatly improved if combined with
   the insanity of the OpenSSL API.

See also http://www.daemonology.net/blog/2009-09-28-securing-https.html

--
Dmitry Chestnykh
http://www.codingrobots.com
_______________________________________________
fossil-users mailing list
[email protected]
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
