[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Chicken-users] OpenSSL egg option defaults poll
From: |
Peter Bex |
Subject: |
Re: [Chicken-users] OpenSSL egg option defaults poll |
Date: |
Thu, 16 Oct 2014 09:54:49 +0200 |
User-agent: |
Mutt/1.4.2.3i |
On Thu, Oct 16, 2014 at 09:41:29AM +0200, Christian Kellermann wrote:
> Thomas Chust <address@hidden> writes:
> > So I would like to poll for opinions from people on this list
> > concerning this situation. Do you think the default options in the
> > OpenSSL egg should be "hardened"? Do you think more options should be
> > introduced? Is compatibility with the rest of the internet a concern
> > at all? ;-)
>
> Despite many valid reasons for keeping the old ones activated, I'd like
> to see the old Versions dropped from the default setting. The longer
> people keep them around the longer they will stay. Also I'd explicitly
> turn *on* certificate verification, as painful as this may be. If the
> ssl egg silently accepts invalid certificates it creates a false sense
> of security to the user. If someone needs all these features they know
> that and will turn them back on.
An emphatic +1 on that from me.
Cheers,
Peter
--
http://www.more-magic.net
- [Chicken-users] OpenSSL egg option defaults poll, Thomas Chust, 2014/10/15
- Re: [Chicken-users] OpenSSL egg option defaults poll, Andy Bennett, 2014/10/15
- Re: [Chicken-users] OpenSSL egg option defaults poll, Sascha Ziemann, 2014/10/16
- Re: [Chicken-users] OpenSSL egg option defaults poll, Christian Kellermann, 2014/10/16
- Re: [Chicken-users] OpenSSL egg option defaults poll, Florian Zumbiehl, 2014/10/16
- Re: [Chicken-users] OpenSSL egg option defaults poll, Thomas Chust, 2014/10/26