On Tue, 9 Dec 2014 17:25:28 +0100 Nikos Mavrogiannopoulos <[email protected]> wrote:
NM> (btw. there is no SSL 1.0)

Yup, sorry. So we should definitely not allow it ;)

NM> I think a good approach is to define a few understandable policies.
NM> Fedora for example provides LEGACY, DEFAULT and FUTURE. The idea is
NM> that legacy would work with any server providing something better than
NM> plaintext, default a reasonable security level for today's metrics,
NM> and future is a security level with the state of the art encryption
NM> requirements of today.

NM> You may get inspired by the gnutls settings for them:
NM> https://github.com/nmav/fedora-crypto-policies/tree/master/profiles

OK, that's very helpful. So that's an application-level setting that manages the GnuTLS settings and messaging. That's what Lars has done with the Emacs `network-security-level' variable, so users just have to set one thing. We'll stick with that.

Thanks
Ted
