[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Chicken-users] OpenSSL egg option defaults poll
|
From: |
Christian Kellermann |
|
Subject: |
Re: [Chicken-users] OpenSSL egg option defaults poll |
|
Date: |
Thu, 16 Oct 2014 09:41:29 +0200 |
|
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/24.3.50 (gnu/linux) |
Thomas Chust <address@hidden> writes:
> So I would like to poll for opinions from people on this list
> concerning this situation. Do you think the default options in the
> OpenSSL egg should be "hardened"? Do you think more options should be
> introduced? Is compatibility with the rest of the internet a concern
> at all? ;-)
Despite many valid reasons for keeping the old ones activated, I'd like
to see the old Versions dropped from the default setting. The longer
people keep them around the longer they will stay. Also I'd explicitly
turn *on* certificate verification, as painful as this may be. If the
ssl egg silently accepts invalid certificates it creates a false sense
of security to the user. If someone needs all these features they know
that and will turn them back on.
My 2¢…
Christian
--
May you be peaceful, may you live in safety, may you be free from
suffering, and may you live with ease.