On Wed, May 15, 2013 at 09:59:52AM -0600, Salz, Rich wrote:
> > I was talking about a user interface to specify settings without requiring
> > a rebuild of the applications.
>
> And on this, we completely agree :)
+1 for no application rebuilds. Hard-coded cipherlists is not what
I had in mind, i
On 5/15/2013 5:26 PM, Viktor Dukhovni wrote:
> On Wed, May 15, 2013 at 01:07:23PM +0200, Jakob Bohm wrote:
> > > If the underlying choices need to be configurable, that should
> > > generally not be via the UI, rather via a configuration file of
> > > some sort.
> > >
> > > This assumes your users are normal users, not SSL p
> I was talking about a user interface to specify settings without requiring a
> rebuild of the applications.
And on this, we completely agree :)
--
Principal Security Engineer
Akamai Technology
Cambridge, MA
On Wed, May 15, 2013 at 8:26 AM, Viktor Dukhovni wrote:
> OpenSSL cipherlists are not for novices.
>
>
Like everything else about an old API that grew organically, it has too
much surface area. It's unreasonable to rely on expert performance to
prevent errors - it should be hard to make mistakes w
On 5/15/2013 4:38 PM, Salz, Rich wrote:
> > As a knowledgeable user, I despise user interfaces like that
> As a knowledgeable user, you are in the minority and it is certainly your right
> to complain if your choices are restricted.
> > and tend to recommend against such products even for novices.
> I f
On Wed, May 15, 2013 at 01:07:23PM +0200, Jakob Bohm wrote:
> >If the underlying choices need to be configurable, that should
> >generally not be via the UI, rather via a configuration file of
> >some sort.
> >
> >This assumes your users are normal users, not SSL protocol testers
> >who want fine-
> As a knowledgeable user, I despise user interfaces like that
As a knowledgeable user, you are in the minority and it is certainly your right
to complain if your choices are restricted.
> and tend to recommend against such products even for novices.
I firmly believe this is wrong.
> A good us
On 5/15/2013 3:27 AM, Viktor Dukhovni wrote:
> On Wed, May 15, 2013 at 12:58:37AM +, Santhosh Kokala wrote:
> > I have a use case where an admin can configure the Ciphers from
> > UI. I have this code in the backend that tries to set the cipher
> > meth = TLSv1_client_method();
> > ctx = SSL_CTX_
On Wed, May 15, 2013, Santhosh Kokala wrote:
> Hi All,
> I have a use case where an admin can configure the Ciphers from UI. I have
> this code in the backend that tries to set the cipher
>
> meth = TLSv1_client_method();
>
> ctx = SSL_CTX_new(meth);
>
> sslretval = SSL_CTX_set_cip
013 10:51 PM
To: openssl-users@openssl.org
Subject: Re: FIPS Capable Ciphers List
On Tue, May 14, 2013 at 09:42:08PM -0500, Salz, Rich wrote:
> Viktor gave some excellent advice. I'd tweak it by removing 'export'
> as something to support. And perhaps use weak, good, str
On Tue, May 14, 2013 at 09:42:08PM -0500, Salz, Rich wrote:
> Viktor gave some excellent advice. I'd tweak it by removing
> 'export' as something to support. And perhaps use weak, good,
> strong -- whatever, keep the number of choices very small. I'd
> suggest to not use "default" since folks wi
Viktor gave some excellent advice. I'd tweak it by removing 'export' as
something to support. And perhaps use weak, good, strong -- whatever, keep the
number of choices very small. I'd suggest to not use "default" since folks will
get upset if it changes. They are more accepting if the definit
On Wed, May 15, 2013 at 12:58:37AM +, Santhosh Kokala wrote:
> I have a use case where an admin can configure the Ciphers from
> UI. I have this code in the backend that tries to set the cipher
>
> meth = TLSv1_client_method();
>
> ctx = SSL_CTX_new(meth);
>
> sslretval = SSL_CT