Issue #7191 has been updated by Daniel Pittman.

Tracker changed from Feature to Bug

>> I would look more favourably at letting the user override the suite, rather
>> than just the block size, so that if someone wanted !AES, or !256, or !CBC,
>> they could have it.
>
> I did some testing when I first wrote the code and you really want to use
> AES for performance, don't want to support others that will just make people
> complain (more). Assuming we rule out silly things like just DES.

Smart people agree; long term, though, AES and especially
short-key-AES might end up being insufficient for some users meeting
their threat management guidelines and all.

>> Tweaking just parts of that also encourages people to think they know why
>> this is a good idea, when it usually isn’t. :)
>
> Not sure how letting them tweak everything improves this, it just means they
> have to understand even more? Maybe just not understanding what you mean.

This is about user expectations, and in my experience the finer the
adjustment the knob makes the more people are going to expect to tune
it.  So, my expectation is that UX will be overall better having a
single big knob rather than a fine grained one – but not for technical
reasons, just social ones.

I certainly agree with your overall concerns in the area.  I think the
compatibility issue is one to address through other means, and not
strictly relevant here.
----------------------------------------
Bug #7191: The AES key size used by M::SSL should be configurable
https://projects.puppetlabs.com/issues/7191

Author: R.I. Pienaar
Status: Accepted
Priority: Normal
Assignee: R.I. Pienaar
Category: Core
Target version: 1.1.5
Keywords: 
Branch: ripienaar/marionette-collective/feature/master/7191
Affected mCollective version: 


Currently the SSL class has aes-256-cbc hardcoded. This is the largest key size
and should also be the slowest. Additionally, it will be problematic on JRuby as
it requires additional tweaking.

Make it support 128, 192 or 256 in the config file.

