Hello,

Nikos Mavrogiannopoulos <n...@redhat.com> wrote:
 |On Thu, 2015-02-12 at 18:39 +0100, Steffen Nurpmeso wrote:

 |> And i want to point to OPENSSL_config(3) which states for a longer
 |> time duration:
 |> 
 |>        It is strongly recommended that all new applications call
 |>        OPENSSL_config() or the more sophisticated functions such as
 |>        CONF_modules_load() during initialization (that is
 |>        before starting any

 |>   # /etc/openssl.rc
 |>   [ciphers]
 |>   DEFAULT=ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384
 |>   !ALL=ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384
 |> 
 |> so that a user could do
 |> 
 |>   # ~/.openssl.rc
 |>   [ciphers]
 |>   DEFAULT=ECDHE-RSA-AES256-GCM-SHA384
 |
 |Some time ago, I had submitted a patch which allows administrators, but
 |most importantly OS distributors to set their own strings in the
 |configuration file, which software can then rely on, to provide a
 |consistent security level: https://github.com/openssl/openssl/pull/192

sorry, i haven't seen that yet.  Of course, defining their very
own profile in a special namespace is i think also a great option
for users.

--steffen
_______________________________________________
openssl-dev mailing list