[patch] more TLS configuration options for nnrpd

Julien ÉLIE julien at trigofacile.com
Wed Nov 12 09:08:10 UTC 2014

Hi Christian,

>> Wasn't my suggestion of paragraph clear enough about that?
> I'm not sure, as I wrote the code and therefore know how it works :-)
>> Or should we change the behaviour of the new keyword?
> We could change the keyword to work like the code, that is,
> to "tlsdisableprotocols". But to me that feels the wrong way 'round.

I do not understand your remark.
With the current code, if we parameter
tlsprotocols: [ TLSv1.2 ]
and we use an OpenSSL version that supports TLSv1, TLSv1.1, TLSv1.2 and 
the protocols that will be available are TLSv1.2 and TLSv1.3 even though
the tlsprotocols parameter only mentions TLSv1.2.

The code will not disable TLSv1.3 as it does not know how to disable it.

So, why aren't you sure about the suggestion of wording?
The parameter does not exactly enable the list.  Newer protocols are out 
of scope
of the parameter.


More information about the inn-workers mailing list