mintls, maxtls, enclair, and cipher.
Eric S. Raymond
esr at thyrsus.com
Sun Feb 3 19:01:06 UTC 2019
Richard Laager <rlaager at wiktel.com>:
> If "cipher" is for TLS:
OK, that was the idea.
> Rename cipher to ciphers (plural) and add a second one named
> ciphersuites. You'll need two for testing anyway, as OpenSSL takes TLS
> 1.2 and 1.3 cipher specifications separately.
>
> Then those are just done for the final scenario. Note that a single
> cipher name is a valid cipher list, which would force that particular
> cipher. So "ciphers" (plural) is usable exactly identically to how you
> have spec'ed cipher for testing, but is also useful in production.
>
> The documentation should be something like:
> +ciphers+ _string_::
> An OpenSSL cipher list to configure the allowed ciphers for TLS
> versions up to and including TLS 1.2.
>
> +ciphersuites+ _string_::
> An OpenSSL ciphersuite list to configure the allowed ciphersuites for
> TLS 1.3.
I guess it will have to be an empty string that disables encryption.
I will make this change and push.
--
<a href="http://www.catb.org/~esr/">Eric S. Raymond</a>
My work is funded by the Internet Civil Engineering Institute: https://icei.org
Please visit their site and donate: the civilization you save might be your own.
More information about the devel
mailing list