* Gunnar Haslinger <[email protected]> [03/11/2015 23:09:16] wrote: > Am 03.11.2015 um 22:38 schrieb Aaron Zauner: > > I recommend double-checking a cipherstring recommendation against > > *all* 0.9.8 and 1.0.1 branches. > > OK ... thats harder than I expected. > But than it seems to be unsolvable for me to get a predictable situation > by recommending a fixed "Cipher Suite B" String. > > Maybe the recommendation should not be a fixed CipherString but a > OpenSSL/Distri-specific String? > > Or maybe it's possible to write a Script which checks out what OpenSSL > offers on this specific platform and "brute-force-tests" with the very > common configuration-Options what fits best against to be defined > "BetterCrypto-Rules"?
I do agree there. And we've had the idea for quite a while now. Ideally we'd have a web form where you fill out your daemon, it's version, your operating system, the distribution and version and a bit of JavaScript magic does the rest. Nobody found time for that so far. Even better would be rendering the document specific to a certain distribution / OpenSSL version. But that's kinda getting out of hand. Aaron
signature.asc
Description: Digital signature
_______________________________________________ Ach mailing list [email protected] http://lists.cert.at/cgi-bin/mailman/listinfo/ach
