On Wed, May 15, 2013, Santhosh Kokala wrote:
Hi All,
I have a use case where an admin can configure the Ciphers from UI. I have
this code in the backend that tries to set the cipher
meth = TLSv1_client_method();
ctx = SSL_CTX_new(meth);
sslretval =
On 5/15/2013 3:27 AM, Viktor Dukhovni wrote:
On Wed, May 15, 2013 at 12:58:37AM +, Santhosh Kokala wrote:
I have a use case where an admin can configure the Ciphers from
UI. I have this code in the backend that tries to set the cipher
meth = TLSv1_client_method();
ctx =
As a knowledgeable user, I despise user interfaces like that
As a knowledgeable user, you are in the minority and it is certainly your right
to complain if your choices are restricted.
and tend to recommend against such products even for novices.
I firmly believe this is wrong.
A good user
On Wed, May 15, 2013 at 01:07:23PM +0200, Jakob Bohm wrote:
If the underlying choices need to be configurable, that should
generally not be via the UI, rather via a configuration file of
some sort.
This assumes your users are normal users, not SSL protocol testers
who want fine-grained
On 5/15/2013 4:38 PM, Salz, Rich wrote:
As a knowledgeable user, I despise user interfaces like that
As a knowledgeable user, you are in the minority and it is certainly your right
to complain if your choices are restricted.
and tend to recommend against such products even for novices.
I
On Wed, May 15, 2013 at 8:26 AM, Viktor Dukhovni openssl-us...@dukhovni.org
wrote:
OpenSSL cipherlists are not for novices.
Like everything else about an old API that grew organically, it has too
much surface area. It's unreasonable to rely on expert performance to
prevent errors - it should
I was talking about a user interface to specify settings without requiring a
rebuild of the applications.
And on this, we completely agree :)
--
Principal Security Engineer
Akamai Technology
Cambridge, MA
__
OpenSSL
On 5/15/2013 5:26 PM, Viktor Dukhovni wrote:
On Wed, May 15, 2013 at 01:07:23PM +0200, Jakob Bohm wrote:
If the underlying choices need to be configurable, that should
generally not be via the UI, rather via a configuration file of
some sort.
This assumes your users are normal users, not SSL
On Wed, May 15, 2013 at 09:59:52AM -0600, Salz, Rich wrote:
I was talking about a user interface to specify settings without requiring
a rebuild of the applications.
And on this, we completely agree :)
+1 for no application rebuilds. Hard-coded cipherlists is not what
I had mind, if
On Wed, May 15, 2013 at 12:58:37AM +, Santhosh Kokala wrote:
I have a use case where an admin can configure the Ciphers from
UI. I have this code in the backend that tries to set the cipher
meth = TLSv1_client_method();
ctx = SSL_CTX_new(meth);
sslretval =
Viktor gave some excellent advice. I'd tweak it by removing 'export' as
something to support. And perhaps use weak, good, strong -- whatever, keep the
number of choices very small. I'd suggest to not use default since folks will
get upset if it changes. They are more accepting if the
On Tue, May 14, 2013 at 09:42:08PM -0500, Salz, Rich wrote:
Viktor gave some excellent advice. I'd tweak it by removing
'export' as something to support. And perhaps use weak, good,
strong -- whatever, keep the number of choices very small. I'd
suggest to not use default since folks will
@openssl.org
Subject: Re: FIPS Capable Ciphers List
On Tue, May 14, 2013 at 09:42:08PM -0500, Salz, Rich wrote:
Viktor gave some excellent advice. I'd tweak it by removing 'export'
as something to support. And perhaps use weak, good, strong --
whatever, keep the number of choices very small
13 matches
Mail list logo