|
On 11/29/2017 8:53 AM, Salz, Rich via
openssl-users wrote:
I am biased, but I believe the project is better, by almost any metric, then it used to be. If you have specific suggestions for how you think it could be improved, it would be great to see them.
My number one complaint is that it seems like the defaults are
generally set up to do the wrong things, and the application has
to either explicitly set "yes, you should be secure" options or do
stuff on its own. This seems to have been getting better -
gaining hostname validation, for instance - but really a client
should be able to say "give me a secure connection to host:port"
and have sensible and secure things happen with a single call.
Maybe two, one to create a handle and the other to actually set up
the connection (to allow for intervening calls that customize the
connection). -- Jordan Brown, Oracle Solaris |
-- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
