On Fri, Aug 15, 2014 at 11:43:51AM -0400, Salz, Rich wrote:

> Does ANYONE think that case-sensitive cipher names are a good idea?
> 
> Someone who types TLSV1:RC4-MD5 will find things working, but is
> likely to be surprised by how weakly-protected they are.

The case makes some things more clear:

        aRSA, kDHE, eNULL 

There are lots of other ways to typo the input string.  To protect
users from typos, raw cipherlist strings should not be exposed by
applications as the primary user/administrator interface for cipher
selection.

Perhaps there are currently no collisions, and case folding is
likely safe, but I don't really see much benefit from this.  I
think that's the wrong problem to invest time in.  Instead, things
like the security level interface in "master" (which still needs
some polish) are more like the way to go.  The cipherlist mini-language
is much too subtle for most users.

-- 
        Viktor.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
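
An added example, not part of the original message and not OpenSSL code: a linter that flags cipherlist tokens matching a known name only after case folding, such as the quoted TLSV1. The vocabulary is a constructed subset and `lint_cipherlist` is a hypothetical helper; a real check would take its names from the OpenSSL build in use.

```python
import re

# Constructed, deliberately partial vocabulary (assumption): keyword and
# cipher names as OpenSSL spells them, including the mixed-case ones.
KNOWN_TOKENS = {
    "ALL", "DEFAULT", "HIGH", "MEDIUM", "LOW",
    "TLSv1", "SSLv3", "aRSA", "kDHE", "eNULL", "aNULL",
    "RC4", "MD5", "RC4-MD5", "AES128-SHA",
}
FOLDED = {name.lower(): name for name in KNOWN_TOKENS}


def lint_cipherlist(spec):
    """Return (name, verdict, suggestion) for every name in a cipherlist.

    verdict is "ok", "case-mismatch" (matches only after case folding)
    or "unknown" (not in the vocabulary at all).
    """
    findings = []
    # Cipher strings are separated by colons, commas or spaces.
    for item in re.split(r"[:, ]+", spec.strip()):
        if not item or item.startswith("@"):      # skip e.g. @STRENGTH
            continue
        # One leading !, - or + is an operator, not part of the name.
        body = item[1:] if item[0] in "!-+" else item
        # "kDHE+aRSA" is a logical AND of two names.
        for name in filter(None, body.split("+")):
            if name in KNOWN_TOKENS:
                findings.append((name, "ok", None))
            elif name.lower() in FOLDED:
                findings.append((name, "case-mismatch", FOLDED[name.lower()]))
            else:
                findings.append((name, "unknown", None))
    return findings


if __name__ == "__main__":
    for spec in ("TLSV1:RC4-MD5", "kDHE+aRSA:!eNULL:@STRENGTH"):
        print(spec)
        for name, verdict, hint in lint_cipherlist(spec):
            suffix = f" (did you mean {hint}?)" if hint else ""
            print(f"  {name}: {verdict}{suffix}")
```
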
