On 09/01/2021 23:24, Steffen Nurpmeso wrote: > Hello. > > I do use SSL_CONF_cmd() (and modules) possibility if it exists, > since it allow users to simply use the features of the newest > OpenSSL library without any code changes on my side. > This is great, and i think i applauded in the past. > > I discovered security_level(), needless to say i thought > @SECLEVEL= of ciphers(1) was broken until i discovered -s is > required to make it functional (..and do not get me started on > -ciphersuites..). > > Wouldn't it make sense to offer SecurityLevel as a keyword for > SSL_CONF_cmd(), and therefore also SSL_CTX_config(), too -- since > it seems (from the manual) to extend to more than what i would > assume to be covered by a @SECLEVEL member of CipherString aka > ..Ciphersuites...? This is probably a good idea. I'd support it if someone wanted to add that. Matt
