[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Bug-wget] [PATCH] Allow to redefine ciphers list for OpenSSL

From: Tim Rühsen
Subject: Re: [Bug-wget] [PATCH] Allow to redefine ciphers list for OpenSSL
Date: Tue, 08 Jul 2014 19:52:58 +0200
User-agent: KMail/4.12.4 (Linux/3.14-1-amd64; KDE/4.13.1; x86_64; ; )

Am Dienstag, 8. Juli 2014, 16:57:35 schrieb Giuseppe Scrivano:
> Tomas Hozza <address@hidden> writes:
> >> What do you think about extending --secure-protocol and having a runtime
> >> option instead of a compile time option ? Users could set the system wide
> >> default value in /etc/wgetrc and people are able to override it through
> >> ~/.wgetrc or --secure-protocol.
> > 
> > Hi Tim.
> > 
> > I'm afraid this is not suitable for us. We need to be able to define the
> > policy somewhere in /etc, where the user is not able to change it (only
> > the system administrator).
> > 
> > Also the main intention to have a single place to set the policy for all
> > system components, therefore wgetrc is not the right place for us.
> > 
> > Regards,
> how would the policy defined in /etc be used by wget?  Is wget going to
> be recompiled if the policy is changed by root?

Also there is still Ángel's remark: your change only applies to --secure-
protocol=PFS. But you also answered to my posting that user should not be able 
to change it... but they can by using e.g. --secure-protocol=TLSv1 or by doing 
settings in ~/.wgetrc.

Maybe you could explain a bit more detailed what you want to do and what you 
expect Wget to do in a Redhat compilation. We really want to help you out.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]