On Mon, Feb 26, 2018 at 10:26 AM, mcatanzaro@xxxxxxxxx wrote:
Alternatively, if you want to strengthen the system crypto policy, then it should not apply to web browsers at all. Or web browsers should automatically use the weak policy. (We'd need the weak policy in glib-networking, too.)
Reading the change proposal page, I see we have LEGACY, DEFAULT, and FUTURE policies. We could add a BROWSER policy to match what upstream Firefox is doing. That would be mostly stricter than LEGACY, but weaker than DEFAULT for DH parameter size. Then we would need some way for applications to override the policy choice at runtime, e.g. using a GnuTLS priority string of "@BROWSER" rather than "@SYSTEM". I do understand that's quite different from how you envisioned the system policy to work....