[patch] more TLS configuration options for nnrpd

Julien ÉLIE julien at trigofacile.com
Wed Nov 12 09:08:10 UTC 2014


Hi Christian,

>> Wasn't my suggestion of paragraph clear enough about that?
> 
> I'm not sure, as I wrote the code and therefore know how it works :-)
> 
>> Or should we change the behaviour of the new keyword?
> 
> We could change the keyword to work like the code, that is,
> to "tlsdisableprotocols". But to me that feels the wrong way 'round.

I do not understand your remark.
With the current code, if we set
    tlsprotocols: [ TLSv1.2 ]
and we use an OpenSSL version that supports TLSv1, TLSv1.1, TLSv1.2 and
TLSv1.3, the protocols that will be available are TLSv1.2 and TLSv1.3,
even though the tlsprotocols parameter only mentions TLSv1.2.

The code will not disable TLSv1.3 as it does not know how to disable it.

So, why aren't you sure about the suggested wording?
The parameter does not exactly enable the list.  Newer protocols are out
of scope of the parameter.

-- 
Julien


More information about the inn-workers mailing list
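
The behaviour discussed in this message, modelled as an added example (not INN's code and not part of the original post): a protocol list applied by disabling the known protocols that are not listed leaves enabled anything the library supports beyond what the code knows. The bit values, `CODE_KNOWS` and the function names are constructed for illustration and are not OpenSSL or INN identifiers.

```c
#include <stdio.h>
#include <string.h>
/* Constructed bit values for this sketch; they are not OpenSSL constants. */
enum { TLS1_0 = 1u, TLS1_1 = 2u, TLS1_2 = 4u, TLS1_3 = 8u };

static const struct { const char *name; unsigned bit; } PROTOS[] = {
    {"TLSv1", TLS1_0}, {"TLSv1.1", TLS1_1},
    {"TLSv1.2", TLS1_2}, {"TLSv1.3", TLS1_3},
};
#define NPROTOS (sizeof PROTOS / sizeof PROTOS[0])
/* Assumption taken from the message: the code can disable everything up to
 * TLSv1.2 but has no way to disable TLSv1.3. */
#define CODE_KNOWS (TLS1_0 | TLS1_1 | TLS1_2)

/* Map the names listed in the parameter to a bitmask; unknown names are skipped. */
unsigned listed_mask(const char *const *names, size_t n)
{
    unsigned mask = 0;
    for (size_t i = 0; i < n; i++)
        for (size_t j = 0; j < NPROTOS; j++)
            if (strcmp(names[i], PROTOS[j].name) == 0)
                mask |= PROTOS[j].bit;
    return mask;
}

/* Known-but-unlisted protocols are disabled; anything outside CODE_KNOWS stays on. */
unsigned effective_mask(unsigned listed, unsigned lib_supports)
{
    unsigned disabled = CODE_KNOWS & ~listed;
    return lib_supports & ~disabled;
}

/* Protocols that end up enabled although the parameter never named them. */
unsigned unlisted_but_enabled(unsigned listed, unsigned lib_supports)
{
    return effective_mask(listed, lib_supports) & ~listed;
}

int main(void)
{
    const char *cfg[] = {"TLSv1.2"};             /* tlsprotocols: [ TLSv1.2 ] */
    unsigned lib = TLS1_0 | TLS1_1 | TLS1_2 | TLS1_3;  /* library in the scenario */
    unsigned listed = listed_mask(cfg, 1);
    unsigned extra = unlisted_but_enabled(listed, lib);
    for (size_t j = 0; j < NPROTOS; j++)
        if (effective_mask(listed, lib) & PROTOS[j].bit)
            printf("%s%s\n", PROTOS[j].name, (extra & PROTOS[j].bit) ? " (not listed)" : "");
    return 0;
}
```

A non-zero result from `unlisted_but_enabled` is the condition an administrator would want surfaced, since the configured list and the negotiable protocols have diverged.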