NTS client configuration support has landed

Eric S. Raymond esr at thyrsus.com
Sat Feb 2 08:06:23 UTC 2019


Gary E. Miller via devel <devel at ntpsec.org>:
> > Would somebody dig me up lists of the cipher names?
> 
>     openssl ciphers -v | fgrep TLS
> 
> Which is incomplete since Gentoo, like almost all distros, does not
> implement TLS 1.3.  Also incomplete as I have not looked up the AEAD
> ciphers which are also different.
> 
> These ciphers are very dynamic.  In time, by distro, by install options,
> and by user configuration.  They should not be hard coded.  We can punt
> and just feed the lists to OpenSSL and have that tell us which are valid
> at this exact moment and place.

I think there is the germ of a really good idea in what you just said.

Remember my design rule for GPSD?  Never configure what you can
discover.

Can we toss out these cipher config options in favor of a mechanism that
*discovers* what the available ciphers are and does the right thing?
-- 
		Eric S. Raymond <http://www.catb.org/~esr/>

My work is funded by the Internet Civil Engineering Institute: https://icei.org
Please visit their site and donate: the civilization you save might be your own.
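
The discovery approach proposed in this message, sketched as an added example that is not part of the original post and is not NTPsec code. It uses Python's ssl module as the binding to the local OpenSSL; the candidate list, the deliberately bogus name and the function names probe, discover and cipher_string are assumptions made for illustration.

```python
import ssl

# Constructed candidate list in preference order; the last entry is deliberately invalid.
CANDIDATES = [
    "TLS_AES_256_GCM_SHA384",
    "ECDHE-ECDSA-AES256-GCM-SHA384",
    "ECDHE-RSA-AES256-GCM-SHA384",
    "NOT-A-REAL-CIPHER",
]


def probe(name):
    """Return the protocol the local OpenSSL reports for cipher `name`, or None."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    try:
        ctx.set_ciphers(name)
    except ssl.SSLError:
        # set_ciphers() only selects TLS 1.2-and-earlier ciphers, so a TLS 1.3
        # suite name is refused here even when the library supports it.
        # Fall back to the list a fresh context reports.
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    for cipher in ctx.get_ciphers():
        if cipher["name"] == name:
            return cipher["protocol"]
    return None


def discover(candidates):
    """Split candidates into ({usable name: protocol}, [rejected names]), keeping order."""
    usable, rejected = {}, []
    for name in candidates:
        protocol = probe(name)
        if protocol is None:
            rejected.append(name)
        else:
            usable[name] = protocol
    return usable, rejected


def cipher_string(candidates):
    """Build a set_ciphers() string from the discovered pre-TLS 1.3 ciphers only."""
    usable, _ = discover(candidates)
    return ":".join(n for n, proto in usable.items() if proto != "TLSv1.3")


if __name__ == "__main__":
    usable, rejected = discover(CANDIDATES)
    print("usable:", usable, "rejected:", rejected)
    print("cipher string:", cipher_string(CANDIDATES))
```

The result depends on the OpenSSL build and its configuration on the machine where it runs, which is the point: the list is asked for at run time instead of being written into the config.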

