Re: [Bug-wget] [PATCH] Allow to redefine ciphers list for OpenSSL

[Tomas Hozza]

----- Original Message -----
> On 17/07/14 13:49, Tomas Hozza wrote:
> > I agree. The patch didn't take any configuration possibility from the user.
> > The users would be able to configure whatever in the same way they were
> > before.
> >
> > Please really see some of those patches I sent. The discussion was little
> > bit confusing at some points ~ like the intentions were interpreted
> > differently.
> >
> > Regards,
> 
> I still strongly oppose to the patch. If the user configures wget to
> only use Perfect
> Forward Security, and your patch makes wget connect to a server not
> using it you
> are overriding user configuration (in the weakening direction).
> See my last email for details.

I still didn't manage to look at this closer. However I agree with you
this is not good. Thank you for pointing this out!

I already contacted the Fedora Feature owner (who is proposing these
changes) and will not try to change ciphers list until he comments on
this issue. This issue could have much broader impact than just on wget.
 
> Patch v3 also seem to coalesce the different options of
> --secure-protocol if using
> GnuTLS, which IMHO doesn't make sense either.

I kind of agree.

> PS: s/cipers/ciphers/ in v3

Thanks.
 

Regards,
-- 
Tomas Hozza
Software Engineer - EMEA ENG Developer Experience

PGP: 1D9F3C2D
Red Hat Inc.                               http://cz.redhat.com