Re: TLS 1.3 migration: SSL_set_cipher_list vs SSL_set_ciphersuites and "aliases" of families of cipher like TLSv1.3

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

>    - Do you think any use for supporting some kind of alias for families of cipher in SSL_set_ciphersuites, like for example "TLSv1.3"

Suppose someone finds out that chacha/poly is insecure and the IETF issues a new RFC that says "TLS 1.3 MUST NOT use" that cipher.  Should the openssl alias change?

It can be wordy, but explicitly listing ciphers and not using aliases (HIGH EXPORT etc) is really better.

As for ease of use, just don't allow the ciphers to be configured.
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux