On Wed, May 15, 2013 at 01:07:23PM +0200, Jakob Bohm wrote: > >If the underlying choices need to be configurable, that should > >generally not be via the UI, rather via a configuration file of > >some sort. > > > >This assumes your users are normal users, not SSL protocol testers > >who want fine-grained control and understand OpenSSL ciphers in > >detail. > > > > As a knowledgeable user, I despise user interfaces like that, and tend > to recommend against such products even for novices.
You seem to have neglected the configurability of the underlying choices. That's done by experts, such you, Rich or myself (if I may be so bold). In Postfix users can when they need to do so adjust the underlying the cipherlist specs, but they almost never need to do that, and asking them to do so when they simply want a knob to tune the minimum strength (or choose an appropriate profile) would be a disservice. OpenSSL cipherlists are not for novices. -- Viktor. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org