On Fri, Aug 15, 2014 at 11:43:51AM -0400, Salz, Rich wrote: > Does ANYONE think that case-sensitive cipher names are good idea? > > Someone who types TLSV1:RC4-MD5 will find things working, but is > likely to be surprised by how weakly-protected they are.
The case makes some things more clear: aRSA, kDHE, eNULL There are lots of other ways to typo the input string. To protect users from typos, raw cipherlist strings should not be exposed by applications as the primary user/administrator interface for cipher selection. Perhaps there are currently no collisions, and case folding is likely safe, but I don't really see much benefit from this. I think that's the wrong problem to invest time in. Instead, things like the security level interface in "master", (which still needs some polish) are more like the way to go. The cipherlist mini-language is much too subtle for most users. -- Viktor. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org