On Wed, May 15, 2013 at 09:59:52AM -0600, Salz, Rich wrote:
> > I was talking about a user interface to specify settings without requiring
> > a rebuild of the applications.
>
> And on this, we completely agree :)
+1 for no application rebuilds. Hard-coded cipherlists is not what
I had mind, if that was unclear, apologies. The suggestion was to
offer a sensible menu of reasonable choices, with an expert interface
to refine those choices.
That expert interface could be via a set of orthogonal controls to
guide the non-quite expert to towards reasonable combinations.
My objection was to an interface that only takes raw cipherlists
from users. That's unwise. Help them build cipherlists that make
sense.
Ultimately the underlying language needs to be exposed for emergencies,
since any radio button controls can only express features known at
the time the application was developed, and the OpenSSL library
grows new cipher properties from time to time.
--
Viktor.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
