Christopher,
Il 19/01/2022 20:32, Christopher Schultz ha scritto:
Ivano,
On 1/19/22 10:58, Ivano Luberti wrote:
Mark, Christopher
Il 19/01/2022 15:31, Christopher Schultz ha scritto:
Mark,
On 1/19/22 05:00, Mark Thomas wrote:
On 18/01/2022 23:16, Christopher Schultz wrote:
All,
There are a bunch of parameters in SSLHostConfig which are
documented[1] to be "OpenSSL Only" and "JSSE only". I thought we
made it so either configuration could be used with either
underlying crypto engine. Is that not true? Or is it only true if
you are using JSSE with OpenSSL as the JSSE-provider??
You can configure TLS using JSSE style configuration or OpenSSL
style configuration. That configuration style choice is independent
of implementation.
So you can have any of:
- JSSE style config with NIO(2)+JSSE
- JSSE style config with NIO(2)+OpenSSL
- JSSE style config with APR/Native
- OpenSSL style config with NIO(2)+JSSE
- OpenSSL style config with NIO(2)+OpenSSL
- OpenSSL style config with APR/Native
What you can't do is mix JSSE configuration with OpenSSL
configuration. You have to pick a single configuration style.
To slightly complicate things, some configuration settings work
with JSSE or OpenSSL. What that means if you use a "JSSE only"
setting then you can't also use an "OpenSSL only" setting (and vice
versa).
Thanks.
How can we adjust the documentation to make it clear that you can
choose either style of configuration, but that you have to be
consistent?
Maybe two separate sections of the documentation with an
introduction saying "there are two styles of config: pick one" and
then remove the "JSSE Only" or "OpenSSL Only" notes on each?
-chris
I was greatly misled by that documentation when I had to study and
apply it, so I agree it should be modified.
But it would make even more sense to me, if is only a matter of
style, that one of the two styles is removed: we are talking about
configuration not poetry: I cannot see any usefulness in having more
than one way to express the same configuration
We can't remove configuration elements from a release in the way you
describe. Perhaps in 10.1 as it's still in alpha-phase.
I understand your point and the rest of the reasoning.
But at least documentation should describe the situation as you do in
this mail, so to better orienting the reader
--
Archimede Informatica tratta i dati personali in conformità a quanto
stabilito dal Regolamento UE n. 2016/679 (GDPR) e dal D. Lgs. 30 giugno
2003 n. 196
per come modificato dal D.Lgs. 10 agosto 2018 n. 101.
Informativa completa
<http://www.archicoop.it/fileadmin/pdf/InformativaTrattamentoDatiPersonali.pdf>
dott. Ivano Mario Luberti
Archimede Informatica società cooperativa a r. l.
Via Gereschi 36, 56127 Pisa
tel.: +39 050/580959 | fax: +39 050/8932061
web: www.archicoop.it
linkedin: www.linkedin.com/in/ivanoluberti
facebook: www.facebook.com/archimedeinformaticapisa/