On Wed, May 15, 2013 at 01:07:23PM +0200, Jakob Bohm wrote:
> >If the underlying choices need to be configurable, that should
> >generally not be via the UI, rather via a configuration file of
> >some sort.
> >
> >This assumes your users are normal users, not SSL protocol testers
> >who want fine-grained control and understand OpenSSL ciphers in
> >detail.
> >
>
> As a knowledgeable user, I despise user interfaces like that, and tend
> to recommend against such products even for novices.
You seem to have neglected the configurability of the underlying
choices. That's done by experts, such you, Rich or myself (if I
may be so bold).
In Postfix users can when they need to do so adjust the underlying
the cipherlist specs, but they almost never need to do that, and
asking them to do so when they simply want a knob to tune the
minimum strength (or choose an appropriate profile) would be a
disservice.
OpenSSL cipherlists are not for novices.
--
Viktor.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
