mintls, maxtls, enclair, and cipher.

Richard Laager rlaager at wiktel.com
Sun Feb 3 12:42:24 UTC 2019


Typo "addresa" -> "address"
  numeric address, an IPv6 numeric addresa (in square brackets).


If cipher is for NTP, I think you should rename it to ntpcipher (or
ntpciphers). Or just drop it, since you're almost certainly only going
to implement AES-SIV-CMAC for first ship. (And possibly that'll be the
only NTP cipher implemented any time soon.)


If "cipher" is for TLS:

Rename cipher to ciphers (plural) and add a second one named
ciphersuites. You'll need two for testing anyway, as OpenSSL takes TLS
1.2 and 1.3 cipher specifications separately.

Then those are just done for the final scenario. Note that a single
cipher name is a valid cipher list, which would force that particular
cipher. So "ciphers" (plural) is usable exactly identically to how you
have spec'ed cipher for testing, but is also useful in production.

The documentation should be something like:

+ciphers+ _string_::
  An OpenSSL cipher list to configure the allowed ciphers for TLS
  versions up to and including TLS 1.2.

+ciphersuites+ _string_::
  An OpenSSL ciphersuite list to configure the allowed ciphersuites for
  TLS 1.3.

-- 
Richard
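
The split between the two settings can be observed from Python's ssl module, as an added example that is not part of the message above or of the NTPsec code: a single cipher name passed as a cipher list pins the TLS 1.2-and-below set to that one cipher, while the TLS 1.3 ciphersuites stay untouched because OpenSSL configures them through a separate call (SSL_CTX_set_ciphersuites() in C). It assumes a Python linked against OpenSSL 1.1.1 or later; the cipher name and the helper names are constructed for illustration.

```python
import ssl

# Constructed sample value: one TLS 1.2 cipher name in OpenSSL cipher-list syntax.
SINGLE_CIPHER = "ECDHE-RSA-AES128-GCM-SHA256"


def enabled_ciphers(ctx):
    """Split the ciphers enabled on ctx into (TLS <= 1.2 names, TLS 1.3 names)."""
    legacy, tls13 = [], []
    for entry in ctx.get_ciphers():
        bucket = tls13 if entry["protocol"] == "TLSv1.3" else legacy
        bucket.append(entry["name"])
    return legacy, tls13


def apply_cipher_list(cipher_list):
    """Apply an OpenSSL cipher list; return the enabled sets before and after."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    before = enabled_ciphers(ctx)
    # set_ciphers() wraps SSL_CTX_set_cipher_list(), the call a "ciphers"
    # option would feed. It has no effect on the TLS 1.3 ciphersuites.
    ctx.set_ciphers(cipher_list)
    after = enabled_ciphers(ctx)
    return before, after


if __name__ == "__main__":
    (legacy_before, tls13_before), (legacy_after, tls13_after) = \
        apply_cipher_list(SINGLE_CIPHER)
    print("TLS <= 1.2 before:", len(legacy_before), "ciphers")
    print("TLS <= 1.2 after: ", legacy_after)
    print("TLS 1.3 before:   ", tls13_before)
    print("TLS 1.3 after:    ", tls13_after)
```
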

