[patch] more TLS configuration options for nnrpd
Julien ÉLIE
julien at trigofacile.com
Tue Nov 11 18:03:22 UTC 2014
Just an addition to my previous message: I believe we should reword the
documentation for tlsprotocols. It currently states:

    The list of SSL/TLS protocol versions to support. Valid protocols are
    B<SSLv2>, B<SSLv3>, B<TLSv1>, B<TLSv1.1> and B<TLSv1.2>. The default
    value is to only allow TLS protocols:

        tlsprotocols: [ TLSv1 TLSv1.1 TLSv1.2 ]

If TLSv1.3, TLSv2 or any other new protocol is provided by OpenSSL in
the future, and a version of INN that does not know such a protocol is
built with that new OpenSSL version, the documentation will be wrong
because the new protocol will be supported (as it cannot be disabled).

I suggest adding the following paragraph:

    Note that the listed protocols will be enabled only if the OpenSSL
    library INN has been built with supports them. In case OpenSSL
    supports protocols more recent than TLSv1.2, they will be
    automatically enabled (which anyway is fine regarding security, as
    newer protocols are supposed to be more secure).

Does it sound good, or would you prefer another wording?
--
Julien ÉLIE
« Confessio est regina probatio. »
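
The behaviour described in the message above, as an added example that is not INN's code and not part of the original post: a server that can only switch off the protocols it knows by name ends up with every newer library protocol enabled, and with listed protocols the library lacks still unavailable. The bit values, the function names and the `P_TLSv1_3` entry are constructed for illustration and are not OpenSSL constants.

```c
#include <stdio.h>
#include <string.h>

/* Constructed model, one bit per protocol. These are not OpenSSL constants. */
enum { P_SSLv2 = 1, P_SSLv3 = 2, P_TLSv1 = 4, P_TLSv1_1 = 8, P_TLSv1_2 = 16,
       P_TLSv1_3 = 32 /* hypothetical: newer than this build knows by name */ };
#define ALL_KNOWN (P_SSLv2 | P_SSLv3 | P_TLSv1 | P_TLSv1_1 | P_TLSv1_2)

/* The five names the quoted tlsprotocols documentation accepts. */
static const struct { const char *name; unsigned bit; } known[] = {
    { "SSLv2", P_SSLv2 }, { "SSLv3", P_SSLv3 }, { "TLSv1", P_TLSv1 },
    { "TLSv1.1", P_TLSv1_1 }, { "TLSv1.2", P_TLSv1_2 },
};
#define NKNOWN (sizeof known / sizeof known[0])

/* Parse "[ TLSv1 TLSv1.1 ]" into a mask of listed protocols.
 * Returns the mask, or -1 on an unknown name or an overlong value. */
int parse_tlsprotocols(const char *value)
{
    char buf[128], *tok;
    int listed = 0;
    size_t i;

    if (strlen(value) >= sizeof buf)
        return -1;
    strcpy(buf, value);
    for (tok = strtok(buf, "[] \t"); tok; tok = strtok(NULL, "[] \t")) {
        for (i = 0; i < NKNOWN && strcmp(tok, known[i].name) != 0; i++)
            ;
        if (i == NKNOWN)
            return -1;
        listed |= (int) known[i].bit;
    }
    return listed;
}

/* What can be negotiated: the library's protocols minus each known protocol
 * that was not listed. Bits the build has no name for are never cleared. */
unsigned effective_protocols(unsigned listed, unsigned library)
{
    return library & ~(ALL_KNOWN & ~listed);
}

int main(void)
{
    int listed = parse_tlsprotocols("[ TLSv1 TLSv1.1 TLSv1.2 ]");
    /* Constructed library: no SSLv2 support, one protocol newer than TLSv1.2 */
    printf("0x%x\n", listed < 0 ? 0u : effective_protocols((unsigned) listed, 0x3e));
    return 0;
}
```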