On 10 December 2014 at 19:26, Daniel Kahn Gillmor <d...@fifthhorseman.net> wrote:
> Programs which use the OpenSSL library generally just want to flip a > switch and know that they've "turned on security", instead of trying to > expose dozens of complex controls to the user or administrator. The > closer OpenSSL can come to that ideal, the more likely its users will > have reasonably strong crypto without having to learn the dirty dirty > details and history of TLS and its predecessors. > My experience suggests that while that might be what some developers want, that's not what users want. They expect that if it works in the browser it should work everywhere - even when the browser is jumping through hoops like fetching missing intermediate certificates, downgrading security etc. If the world were perfect and the browsers didn't do this then life would be a lot easier. Cheers Rich.
_______________________________________________ openssl-dev mailing list openssl-dev@openssl.org https://mta.opensslfoundation.net/mailman/listinfo/openssl-dev
