[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Bug-wget] cipher_list string when using OpenSSL

From: Jeffrey Walton
Subject: Re: [Bug-wget] cipher_list string when using OpenSSL
Date: Thu, 19 Oct 2017 05:49:21 -0400

On Thu, Oct 19, 2017 at 5:35 AM, Tim Rühsen <address@hidden> wrote:
> Hi Jeffrey,
> thanks for heads up !
> Does OpenSSL meanwhile have a PFS for their cipher list ?
> Currently it looks like that each and every client has to amend their
> cipher list from time to time. Instead, this should be done in the
> library. So that new versions automatically make the client code more
> secure. GnuTLS does it.
> That's one reason why we (wget developers) already discussed about
> dropping OpenSSL support completely. The background is that the OpenSSL
> code in Wget has no maintainer. We take (small) patches every now and
> then but there is no expert here for review or active progress.
> Having your random seeding issue in mind, there seems to be even more
> reasons to drop that OpenSSL code.
> If there is someone here who wants to maintain the OpenSSL code of Wget
> - you are very welcome (Let us know) ! In the meantime I'll ask the
> other maintainers about their opinion.

Ack, just decide what you want to do. I should not influence the
project's processes or bikeshed.

I favor OpenSSL because I've worked with it for so long, and I have
automated build scripts for it. On the other hand, I can switch to
GnuTLS if needed. I have not done so because its expedient to use
OpenSSL (another way of saying I'm lazy at times).


reply via email to

[Prev in Thread] Current Thread [Next in Thread]