Does the openssl library not read the config file thereby enforcing what is available to all applications that use the openssl library? Or am I being too optimistic?
What behaviour exists within the openssl library when it is built and configured with options to disable certain protocols or ciphers that could not be duplicated with runtime configuration options? I realize that those runtime configuration options may not yet exist - they do not according to Rich's response to my previous email - but that is what I was hoping for when I asked my question yesterday.

If this behaviour is not possible in openssl, I'm now wondering how feasible it would be to interpose a library to intercept openssl calls and modify application requests for protocols or ciphers.

tp

On Thu, 16 Oct 2014, Dmitry Belyavsky wrote:
Hello Rich,

Unfortunately not all applications read the openssl config file...

On Thu, Oct 16, 2014 at 2:53 AM, Salz, Rich <rs...@akamai.com> wrote:

> > I'd like to be able to disable SSLv3 for all openssl-enabled
> > applications in a single configuration file if possible, so that this
> > doesn't have to be done for each application.
>
> No it's not possible.
>
> Not enhancement idea, tho.

AARGH. "Nice" enhancement idea.

--
Principal Security Engineer, Akamai Technologies
IM: rs...@jabber.me Twitter: RichSalz
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org

--
SY, Dmitry Belyavsky
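
The interposition idea raised at the top of this thread, sketched as an added example (not code from the thread or from the OpenSSL project): an LD_PRELOAD shim for Linux/glibc that wraps SSL_CTX_new and SSL_CTX_ctrl so every context carries SSL_OP_NO_SSLv3. It assumes OpenSSL 1.0.x, where SSL_CTX_set_options() and SSL_CTX_clear_options() are macros over SSL_CTX_ctrl(); enforce_no_sslv3 is a hypothetical helper name and the constants are copied from that release's ssl.h.

```c
#define _GNU_SOURCE           /* for RTLD_NEXT */
#include <dlfcn.h>
#include <stddef.h>

/* Constants copied from OpenSSL 1.0.x <openssl/ssl.h> (assumed release). */
#define SSL_CTRL_OPTIONS        32
#define SSL_CTRL_CLEAR_OPTIONS  77
#define SSL_OP_NO_SSLv3         0x02000000L

/* Opaque types: the shim never looks inside them. */
typedef struct ssl_ctx_st SSL_CTX;
typedef struct ssl_method_st SSL_METHOD;
typedef SSL_CTX *(*ctx_new_fn)(const SSL_METHOD *);
typedef long (*ctx_ctrl_fn)(SSL_CTX *, int, long, void *);

/* Policy (hypothetical helper): setting options always adds NO_SSLv3,
 * clearing options never removes it, other commands pass unchanged. */
long enforce_no_sslv3(int cmd, long larg)
{
    if (cmd == SSL_CTRL_OPTIONS)
        return larg | SSL_OP_NO_SSLv3;
    if (cmd == SSL_CTRL_CLEAR_OPTIONS)
        return larg & ~SSL_OP_NO_SSLv3;
    return larg;
}

/* Interposed: rewrite the application's option requests, then forward
 * to the real SSL_CTX_ctrl in the next library on the search path. */
long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
{
    ctx_ctrl_fn real = (ctx_ctrl_fn)dlsym(RTLD_NEXT, "SSL_CTX_ctrl");
    return real ? real(ctx, cmd, enforce_no_sslv3(cmd, larg), parg) : 0;
}

/* Interposed: every new context starts with SSLv3 disabled. */
SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
{
    ctx_new_fn real_new = (ctx_new_fn)dlsym(RTLD_NEXT, "SSL_CTX_new");
    ctx_ctrl_fn real_ctrl = (ctx_ctrl_fn)dlsym(RTLD_NEXT, "SSL_CTX_ctrl");
    SSL_CTX *ctx = real_new ? real_new(meth) : NULL;
    if (ctx != NULL && real_ctrl != NULL)
        real_ctrl(ctx, SSL_CTRL_OPTIONS, SSL_OP_NO_SSLv3, NULL);
    return ctx;
}
```

Built as a shared object (for example `gcc -shared -fPIC -o shim.so shim.c -ldl`) and loaded through LD_PRELOAD, this only affects programs that link libssl dynamically. Per-connection changes made through SSL_ctrl() are not wrapped here, so an application calling SSL_clear_options() on an individual SSL object would still need the same treatment.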