Re: [Bug-wget] [PATCH] Allow to redefine ciphers list for OpenSSL

[Tomas Hozza]

----- Original Message -----
> Tomas Hozza <address@hidden> writes:
> 
> >> What do you think about extending --secure-protocol and having a runtime
> >> option instead of a compile time option ? Users could set the system wide
> >> default value in /etc/wgetrc and people are able to override it through
> >> ~/.wgetrc or --secure-protocol.
> >
> > Hi Tim.
> >
> > I'm afraid this is not suitable for us. We need to be able to define the
> > policy somewhere in /etc, where the user is not able to change it (only
> > the system administrator).
> >
> > Also the main intention to have a single place to set the policy for all
> > system components, therefore wgetrc is not the right place for us.
> >
> > Regards,
> 
> how would the policy defined in /etc be used by wget?  Is wget going to
> be recompiled if the policy is changed by root?
> 

Hi Giuseppe.

It will be used by OpenSSL. So there will be no need to recompile wget.
Wget will be compiled with ciphers list string saying to OpenSSL, that
it should use system-defined ciphers.

I'm CC-ing the Fedora change owner to clarify the approach further if needed.

Regards,
-- 
Tomas Hozza
Software Engineer - EMEA ENG Developer Experience

PGP: 1D9F3C2D
Red Hat Inc.                               http://cz.redhat.com