Hi all,

Another thing: couldn't SSL_OP_CIPHER_SERVER_PREFERENCE be renamed (or aliased) to SSL_OP_SERVER_PREFERENCE in OpenSSL 1.1.0 because it applies to more objects than only cipher suites?

-- 
Julien

-------- Forwarded message --------
Subject: Wording in OpenSSL documentation for SSL_CTX_set_options
Date: Fri, 29 Jul 2016 21:15:16 +0200

Hi,

In a recent discussion in the news.software.nntp newsgroup, we discussed the use of SSL_OP_CIPHER_SERVER_PREFERENCE, and would like to point out a possible improvement in the wording of the documentation of SSL_CTX_set_options.

Currently, there is in OpenSSL documentation:

https://www.openssl.org/docs/manmaster/ssl/SSL_CONF_cmd.html

"-serverpref
Use server and not client preference order when determining which cipher suite, signature algorithm or elliptic curve to use for an incoming connection. Equivalent to SSL_OP_CIPHER_SERVER_PREFERENCE. Only used by servers."

https://www.openssl.org/docs/manmaster/ssl/SSL_CTX_set_options.html

"When choosing a cipher, use the server's preferences instead of the client preferences. When not set, the SSL server will always follow the clients preferences. When set, the SSL/TLS server will choose following its own preferences."

Maybe the documentation of SSL_CTX_set_options should also mention signature algorithms and elliptic curves.

Also, Michael Bäuerle noted that TLSv1.3 seems to change things a bit because FFDHE groups can now be negotiated too (codes starting at 256):
<https://tools.ietf.org/html/draft-ietf-tls-tls13-14#section-4.2.3>
and therefore suggests mentioning "(EC)DHE groups" in both the above man pages.

Have a nice day,

-- 
Julien ÉLIE

"Freedom, Sancho, is one of the most precious gifts that the heavens gave to men; the treasures that the earth and the sea enclose cannot equal it: for freedom, as for honour, one can and should risk one's life." (Miguel de Cervantes Saavedra)