Re: [Bug-wget] [PATCH] Allow to redefine ciphers list for OpenSSL

From: Ángel González
Subject: Re: [Bug-wget] [PATCH] Allow to redefine ciphers list for OpenSSL
Date: Mon, 07 Jul 2014 22:29:26 +0200
User-agent: Thunderbird

On 07/07/14 21:46, Tomas Hozza wrote:

> In Fedora we are moving to a system-wide policy of used
> ciphers. [1] Therefore we need wget to be compiled with other
> than the hard-coded set of ciphers when using OpenSSL.
>
> I'm attaching a patch adding a new configure option
> --with-openssl-ciphers-list=LIST, which can be used
> to redefine the ciphers list when compiled with OpenSSL.
> It can be used only if --with-ssl=openssl. If not
> defined, the previously used (by wget) ciphers list is used.
>
> [1] https://fedoraproject.org/wiki/Changes/CryptoPolicy

Hello Tomas,

Thanks for your patch. Some comments:

You are only changing the override for --secure-protocol=pfs.
IMHO this is wrong. The --secure-protocol= command line should
override the system policy.

Additionally, I would recommend using just --with-ciphers-list=LIST
and making it work with either OpenSSL or GnuTLS (but maybe you
don't need it after all?)

Finally, if you redefine the cipher list in the wget code, I think it should
be noted in the output of
 wget --version

