https://github.com/openssl/openssl/pull/4848

The crux of the issue is that this would change SSL_CTX to apply system 
defaults when the object is created. In conjunction with the system config file 
include stuff, this makes it easy to change the behavior of all applications 
running on a system.

This comes from Red Hat.

Viktor is concerned about changing the semantics of an existing call and argues 
that there are applications that are smart enough to configure securely.  (Unh, 
postfix and … what others? :)  He prefers an explicit opt-in. Others have 
pointed out that the hundreds of programs that would have to be changed make 
this impractical.

I think we have a real opportunity to (a) help downstream distros and (b) make 
it easy to make things more secure. Imagine being able to disable 3DES with a 
one-line config change (to DEFAULT cipher setting) and a reboot?

Yes, it changes the semantics of an important API. I think the security 
trade-off is very much worth it.  We add a new option that lets postfix (still 
waiting for other apps to be named :) opt-out.

_______________________________________________
openssl-project mailing list
openssl-project@openssl.org
https://mta.openssl.org/mailman/listinfo/openssl-project
