Hello,

Nikos Mavrogiannopoulos <n...@redhat.com> wrote:
|On Thu, 2015-02-12 at 18:39 +0100, Steffen Nurpmeso wrote:
|> And i want to point to OPENSSL_config(3) which states for a longer
|> time duration:
|>
|>   It is strongly recommended that all new applications call
|>   OPENSSL_config() or the more sophisticated functions such as
|>   CONF_modules_load() during initialization (that is \
|> before starting any
|>   # /etc/openssl.rc
|>   [ciphers]
|>   DEFAULT=ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384
|>   !ALL=ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384
|>
|> so that a user could do
|>
|>   # ~/.openssl.rc
|>   [ciphers]
|>   DEFAULT=ECDHE-RSA-AES256-GCM-SHA384
|
|Some time ago, I had submitted a patch which allows administrators, but
|most importantly OS distributors to set their own strings in the
|configuration file, which software can then rely on, to provide a
|consistent security level:
|https://github.com/openssl/openssl/pull/192

sorry, i haven't seen that yet.
Of course, defining their very own profile in a special
namespace is i think also a great option for users.

--steffen