Re: [Bug-wget] Wget and Perfect Forward Secrecy

From: Ángel González
Subject: Re: [Bug-wget] Wget and Perfect Forward Secrecy
Date: Fri, 16 Aug 2013 01:21:08 +0200
User-agent: Thunderbird

On 15/08/13 10:36, Tim Ruehsen wrote:
> I just found that OpenSSL also has a cipher naming convention:
>
> If Wget is compiled with OpenSSL, the user could use these.
> If Wget is compiled with GnuTLS, the user would use GnuTLS option strings.
>
> Maybe a new option like --secure-options=... for expert users would be better
> than recycling --secure-protocol.
> wgetrc should have two settings like secureoptionsgnutls and
> secureoptionsopenssl. For when a user changes these settings and then switches
> between wget-gnutls and wget-openssl. E.g. I sometimes do this for debugging
> or bug hunting or for comparing resource usage.
>
> Besides this 'expert' option, there should be an 'everyones' option to
> force/enable PFS, using --secure-protocol as I already suggested.
>
> Regards, Tim

Looking at http://www.openssl.org/docs/apps/ciphers.html and
http://gnutls.org/manual/html_node/Priority-Strings.html it looks like they are compatible. Is that right? That way we could use the same argument, even if some extended
syntax is only available with one of the cipher libraries.
