Re: [Bug-wget] Wget and Perfect Forward Secrecy

[Ángel González]

On 15/08/13 10:36, Tim Ruehsen wrote:
> I just found that OpenSSL also has a cipher naming convention:
> http://www.openssl.org/docs/apps/ciphers.html
>
> If Wget is compiled with OpenSSL, the user could use these.
> If Wget is compiled with GnuTLS, the user would use GnuTLS option strings.
>
> Maybe a new option like --secure-options=... for expert users would be better
> than recycling --secure-protocol.
> wgetrc should have two settings like secureoptionsgnutls and
> secureoptionsopenssl. For when a user changes these settings and than switches
> between wget-gnutls and wget-openssl. E.g. I sometimes do this for debugging
> or bug hunting or for comparing resource usage.
>
> Beside this 'expert' option, there should be a an 'everyones' option to
> force/enable PFS, using --secure-protocol as I already suggested.
>
> Regards, Tim
Looking at http://www.openssl.org/docs/apps/ciphers.html and
http://gnutls.org/manual/html_node/Priority-Strings.html it looks like 
they are compatible.
Is that right? That way we could use the same argument, even if some 
extended
syntax is only available with one of the cipher libraries.