Axel Rau <[email protected]> writes:
> No, not really. Complexity often keeps users away from a feature. (-;
Yes. In this case, one of the results of the flexibility is that GUI
support is essentially impossible.
> While we are talking about NSA, are you considering implementing
> Diffie–Hellman key exchange?
I would happily add that. Right now the server uses the openssl default,
more or less:
SSL_CTX_set_cipher_list( ctx, "HIGH:MEDIUM:!LOW:!EXPORT" );
Do you know how to set a suitable cipher list to prefer cipher suites
with PFS? Google found http://stackoverflow.com/questions/17308690, but
the SSLCIpherSuite lists on that page look a little too complex for my
taste. Comments?
Arnt
