Hello. I do use SSL_CONF_cmd() (and modules) possibility if it exists, since it allow users to simply use the features of the newest OpenSSL library without any code changes on my side. This is great, and i think i applauded in the past. I discovered security_level(), needless to say i thought @SECLEVEL= of ciphers(1) was broken until i discovered -s is required to make it functional (..and do not get me started on -ciphersuites..). Wouldn't it make sense to offer SecurityLevel as a keyword for SSL_CONF_cmd(), and therefore also SSL_CTX_config(), too -- since it seems (from the manual) to extend to more than what i would assume to be covered by a @SECLEVEL member of CipherString aka ..Ciphersuites...? This seems desirable to me. For now i will not offer security_level because i would have to implement a special code path to bypass SSL_CONF_cmd/SSL_CTX_config, which is used exclusively if available. Ciao and a good Sunday from Germany i wish, (P.S.: i have not github account.) --steffen | |Der Kragenbaer, The moon bear, |der holt sich munter he cheerfully and one by one |einen nach dem anderen runter wa.ks himself off |(By Robert Gernhardt)
