Am Freitag, 16. August 2013, 01:21:08 schrieb Ángel González: > On 15/08/13 10:36, Tim Ruehsen wrote: > > I just found that OpenSSL also has a cipher naming convention: > > http://www.openssl.org/docs/apps/ciphers.html > > > > If Wget is compiled with OpenSSL, the user could use these. > > If Wget is compiled with GnuTLS, the user would use GnuTLS option strings. > > > > Maybe a new option like --secure-options=... for expert users would be > > better than recycling --secure-protocol. > > wgetrc should have two settings like secureoptionsgnutls and > > secureoptionsopenssl. For when a user changes these settings and than > > switches between wget-gnutls and wget-openssl. E.g. I sometimes do this > > for debugging or bug hunting or for comparing resource usage. > > > > Beside this 'expert' option, there should be a an 'everyones' option to > > force/enable PFS, using --secure-protocol as I already suggested. > > > Looking at http://www.openssl.org/docs/apps/ciphers.html and > http://gnutls.org/manual/html_node/Priority-Strings.html it looks like > they are compatible. > Is that right? That way we could use the same argument, even if some > extended > syntax is only available with one of the cipher libraries.
Hmmm, I really can't see any compatibility in the cipher naming conventions. http://backreference.org/2009/11/18/openssl-vs-gnutls-cipher-names/ But the separator : and +/- to add/remove ciphers is the same. Regards, Tim
signature.asc
Description: This is a digitally signed message part.
