On Sun, Mar 04, 2018 at 05:30:32PM +0100, Kurt Roeckx wrote:
> On Sun, Mar 04, 2018 at 02:44:01PM +0000, Salz, Rich wrote:
> > I also intend to merge the config file .include PR (5351), and I want us to
> > decide about 4848.
>
> I have to agree that I want to resolve 4848 (reading config file to
> select things like supported ciphers.)

So far my personal opinion on this one is that I'd rather wait until 1.2 and actually change the SSL_CTX_new() behavior, as opposed to having to add a new API that not much software would be using. (To be clear, I think that changing SSL_CTX_new() to read a systemwide config file is inconsistent with our API stability policy for dot releases.)

This is perhaps complicated by the interplay with #2397, which also wants to extend SSL_CTX_new() for sharing session caches between SSL_CTXes. (This behavior inherently requires a new API.)

-Ben
_______________________________________________
openssl-project mailing list
openssl-project@openssl.org
https://mta.openssl.org/mailman/listinfo/openssl-project