Re: FIPS certification for openssl

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 11/29/2017 6:13 PM, Salz, Rich via openssl-users wrote:
I agree with you, but a problem is that “safe and secure” changes over time when new  crypto and other new features are added. And then users get upset when their connections no longer work.

Agreed, that's a tough trade-off.

Still, I'd rather have compatibility problems - as long as there's a way to explicitly request the less-secure option - than silently be insecure.

Having per-user or system-wide configuration files that are consulted under the covers would help, since then the user could revert to less-secure settings without needing the application source.  Maybe have the "create handle" function take an application name as an argument, so that individual applications could be managed separately.

Looking at it another way:  browsers manage to do it...

-- 
Jordan Brown, Oracle Solaris
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux