[patch] more TLS configuration options for nnrpd

Julien ÉLIE julien at trigofacile.com
Tue Nov 11 18:03:22 UTC 2014

Just an addition to my previous message:  I believe we should reword the 
documentation for tlsprotocols.  It currently states:

   The list of SSL/TLS protocol versions to support.  Valid protocols are
   B<SSLv2>, B<SSLv3>, B<TLSv1>, B<TLSv1.1> and B<TLSv1.2>.  The default
   value is to only allow TLS protocols:

       tlsprotocols: [ TLSv1 TLSv1.1 TLSv1.2 ]

If TLSv1.3, TLSv2 or any other new protocol is provided by OpenSSL in 
the future, and a version of INN that does not know such a protocol is 
built with that new OpenSSL version, the documentation will be wrong 
because the new protocol will be supported (as it cannot be disabled).

I suggest to add the following paragraph:

   Note that the listed protocols will be enabled only if the OpenSSL
   library INN has been built with supports them.  In case OpenSSL
   supports protocols more recent than TLSv1.2, they will be
   automatically enabled (which anyway is fine regarding security, as
   newer protocols are supposed to be more secure).

Does it sound good, or would you prefer another wording?

Julien ÉLIE

« Confessio est regina probatio. »

More information about the inn-workers mailing list