Thomas Chust <ch...@web.de> writes: > So I would like to poll for opinions from people on this list > concerning this situation. Do you think the default options in the > OpenSSL egg should be "hardened"? Do you think more options should be > introduced? Is compatibility with the rest of the internet a concern > at all? ;-)
Despite many valid reasons for keeping the old ones activated, I'd like to see the old Versions dropped from the default setting. The longer people keep them around the longer they will stay. Also I'd explicitly turn *on* certificate verification, as painful as this may be. If the ssl egg silently accepts invalid certificates it creates a false sense of security to the user. If someone needs all these features they know that and will turn them back on. My 2¢… Christian -- May you be peaceful, may you live in safety, may you be free from suffering, and may you live with ease. _______________________________________________ Chicken-users mailing list Chicken-users@nongnu.org https://lists.nongnu.org/mailman/listinfo/chicken-users
