[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Bug-wget] [PATCH] PFS runtime check

From: Giuseppe Scrivano
Subject: Re: [Bug-wget] [PATCH] PFS runtime check
Date: Mon, 09 Sep 2013 10:46:20 +0200
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/24.3 (gnu/linux)

Tim Ruehsen <address@hidden> writes:

> I don't think, we need a change. Even if the priority string 'PFS' will be 
> backported to e.g. libgnutls 3.1.x, you still need a current Wget to use PFS.
> And the current Wget falls back to 'NORMAL:-RSA' which is exactly the same 
> regarding the used ciphers (even the order is the same).
> The only reason for using the 'PFS' priority string instead of 'NORMAL:-RSA' 
> is to enable future changes to PFS ciphers. This is a forward compatibility, 
> the backward compatibility is given right now.
> Of course there could be a future diversion of 'PFS' and 'NORMAL:-RSA' which 
> is than backported to libgnutls < 3.2.4. But maybe we should talk about this 
> issue than, or the backporters creates a Wget patch for their system !?
> However, here is a patch for your suggestion.
> Should Giuseppe decide about it.

I am mostly following the discussion here, since you have all the
technical details.

I agree with your analysis that it shouldn't be a problem; but on the
other hand, such a change will simply put us on the safe side and
without any side effect.  So I personally have no objection to it :-)

Thanks you both to keep thinking about this.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]