[jaenicke - Wed Jul 10 08:50:56 2002]:
> [bodo - Thu Jul 4 10:34:15 2002]:
>
> > However, it would still be a good idea to create a "NONE" cipher suite
> > group alias because it is useful in the other scenarios given in the
> > problem description.
>
> I have already worked in the cipher selection routines yesterday with
> respect to PR#130. I will add an appropriate "NOTDEFAULT" selection
> keyword that will cover cipher suites not selected by default.
> As this is a new feature I intend to only add it to 0.9.7 (and later).

Technically speaking, we have two things:
* ALL: all ciphers _except_ eNULL (no encryption is left out)
* DEFAULT: ALL ciphers, then ADH is removed, then some sorting

We would therefore have two classes of non-selected ciphers:
* NODEFAULT: meaning effectively ADH at the moment
* NOALL: meaning effectively eNULL at the moment

Of course, this distinction is not necessarily clear unless you look
up the realization of DEFAULT and ALL.

Should I realize both classes? Actually it would make sense from the
logical point of view and in the documentation I would propose to use
something like "RSA:NODEFAULT:NOALL" to unselect the unwanted ciphers.
I propose NOALL instead of NONE in order to reflect its logical
interaction with the ALL keyword.

Opinions?

Lutz
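
The keyword classes discussed in this message, modelled as set operations in an added example (not OpenSSL code and not part of the original mail). The suite table and its tags are constructed, DEFAULT's sorting is omitted, NODEFAULT and NOALL are the names proposed above, and `!`/`-` are the exclusion operators of OpenSSL cipher strings.

```python
# Constructed sample table (not OpenSSL's real one): suite name -> tags.
SUITES = {
    "AES128-SHA":         {"RSA"},
    "DES-CBC3-SHA":       {"RSA"},
    "DHE-RSA-AES128-SHA": {"RSA", "EDH"},
    "ADH-AES128-SHA":     {"ADH"},
    "ADH-DES-CBC3-SHA":   {"ADH"},
    "NULL-SHA":           {"RSA", "eNULL"},
    "NULL-MD5":           {"RSA", "eNULL"},
}

def members(keyword):
    """Suites matched by one keyword, in table order."""
    everything = list(SUITES)
    # ALL: every suite except eNULL
    all_ = [s for s in everything if "eNULL" not in SUITES[s]]
    # DEFAULT: ALL with ADH removed (the sorting step is omitted here)
    default = [s for s in all_ if "ADH" not in SUITES[s]]
    classes = {
        "ALL": all_,
        "DEFAULT": default,
        "NODEFAULT": [s for s in all_ if s not in default],  # in ALL, not in DEFAULT
        "NOALL": [s for s in everything if s not in all_],   # not even in ALL
    }
    if keyword in classes:
        return classes[keyword]
    # Otherwise treat the keyword as a suite name or a tag.
    return [s for s in everything if keyword == s or keyword in SUITES[s]]

def evaluate(cipher_string):
    """Apply ':'-separated items left to right.
    '!' removes suites permanently, '-' removes them but allows re-adding."""
    selected, killed = [], set()
    for item in cipher_string.split(":"):
        op, name = (item[0], item[1:]) if item[:1] in ("!", "-") else ("", item)
        hit = members(name)
        if op:
            selected = [s for s in selected if s not in hit]
            if op == "!":
                killed.update(hit)
        else:
            selected += [s for s in hit if s not in killed and s not in selected]
    return selected

if __name__ == "__main__":
    for spec in ("RSA", "RSA:!NODEFAULT:!NOALL", "ALL:!NODEFAULT"):
        print(f"{spec:24} -> {evaluate(spec)}")
```

In this model a bare "RSA" still pulls in the NULL suites, because a key-exchange keyword overlaps with eNULL; excluding the NOALL class removes them.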