Thanks - but to follow the principle of least surprise, shouldn't the
config default to HIGH, which is the current default? I don't claim
to know how openssl makes its decisions about what algorithms are
blessed with what level of security, but it strikes me we should
either use HIGH (which is what we had before), or DEFAULT (which is
openssl's default). And certainly the sample config file should refer
to the default that comes from the config file as well ;), as
currently we have:

# Override MEDIUM security... bla bla bla
HIGH

Those accessor methods are a neat little trick / ugly little hack.
New one on me.

Cheers,
B
On Oct 4, 2006, at 9:42 AM, John Peacock wrote:
Brian Szymanski wrote:
plugins/tls uses only ciphers that openssl considers to be "high
security". While this is a Good Thing, I found that one client I
need (versamail 3.x) needs ciphers not classified by openssl as
"high security" (specifically, it needs either RC4-SHA or RC5-MD5).
I wouldn't be surprised if other folks run into this problem, so I
wrote a little patch that allows for a config/tls_ciphers that takes
strings of the format described in
http://www.openssl.org/docs/apps/ciphers.html#CIPHER_STRINGS, and
passes it straight to IO::Socket::SSL.
Thanks. I committed something similar in r663. All of the TLS
options are static after init(), so I looked it up once and stored
it alongside the other tls_* options. Also, when adding a new
config file option, we like to put a sample file in config.sample/*.
John
---
Brian Szymanski
[EMAIL PROTECTED]
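
The thread turns on what a cipher string such as HIGH or DEFAULT actually enables, which depends on the local OpenSSL build. The following is an added example, not code from the thread or from the plugin: it reads a tls_ciphers-style value (falling back to HIGH), expands it with Python's ssl module, and lists suites an operator would want to see before widening the default. The function names, the weak-fragment list, the 128-bit threshold and the one-value-per-file layout with # comments are assumptions.

```python
import ssl

# Assumption for this example: name fragments treated as weak. RC4 and MD5
# are the ones the thread's client needed; adjust to local policy.
WEAK_FRAGMENTS = ("RC4", "MD5", "NULL", "EXP")
MIN_BITS = 128  # assumed minimum symmetric strength


def read_cipher_string(config_text, default="HIGH"):
    """Return the first non-blank, non-comment line, or the default."""
    for line in config_text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            return line
    return default


def flag_weak(ciphers):
    """Names of suites that match a weak fragment or fall below MIN_BITS."""
    return [c["name"] for c in ciphers
            if c["strength_bits"] < MIN_BITS
            or any(f in c["name"] for f in WEAK_FRAGMENTS)]


def audit(cipher_string):
    """Expand a cipher string with the local OpenSSL; report what it enables."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    try:
        ctx.set_ciphers(cipher_string)
    except ssl.SSLError:
        # OpenSSL could not select any suite: typo or unsupported algorithms.
        return {"valid": False, "enabled": [], "weak": []}
    ciphers = ctx.get_ciphers()
    return {"valid": True,
            "enabled": [c["name"] for c in ciphers],
            "weak": flag_weak(ciphers)}


if __name__ == "__main__":
    # Constructed sample contents for config/tls_ciphers.
    sample = "# ciphers offered for STARTTLS\nHIGH:MEDIUM\n"
    value = read_cipher_string(sample)
    report = audit(value)
    print(value, "valid:", report["valid"], "suites:", len(report["enabled"]))
    for name in report["weak"]:
        print("  weak:", name)
```

The result reflects the OpenSSL that Python is linked against, so run it on the mail server itself rather than on a workstation.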