Hi,

On Thu, Oct 08, 2015 at 01:55:31PM +0200, Steffan Karger wrote:
> > But what happens in that case?  PolarSSL build, user requests something
> > he knows from OpenSSL, we don't have a translation entry for it - will
> > he receive "the default cipher set" (not what he is asking for) then?
> 
> What our translation does is "if we know a translation for a cipher,
> then replace with translation, else warn and leave original". The
> resulting cipher string is then passed to the crypto library.  The
> crypto library will then either connect or give a (sometimes cryptic)
> error.  We do this, because we simply can't keep track of all (new, or
> just exotic) cipher names, but do want to offer config compatibility
> for most standard setups between polar<>openssl.

OK, now I understand.  So if a user puts in a polarssl cipher, he might
end up with a (non-useful) warning about "translation not found!" while
polarssl is all happy about it - and if he puts in a totally unknown
OpenSSL cipher, polarssl will refuse it anyway, so no need to have
an extra warning.

This is perfectly fine for me, then - I was just a bit worried about
"unexpected behaviour happening, with no clear warning".

(ACK)

gert
-- 
USENET is *not* the non-clickable part of WWW!
                                                           //www.muc.de/~gert/
Gert Doering - Munich, Germany                             g...@greenie.muc.de
fax: +49-89-35655025                        g...@net.informatik.tu-muenchen.de
