[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Bug-wget] cipher_list string when using OpenSSL
|
From: |
Jeffrey Walton |
|
Subject: |
Re: [Bug-wget] cipher_list string when using OpenSSL |
|
Date: |
Thu, 19 Oct 2017 05:49:21 -0400 |
On Thu, Oct 19, 2017 at 5:35 AM, Tim Rühsen <address@hidden> wrote:
> Hi Jeffrey,
>
> thanks for heads up !
>
> Does OpenSSL meanwhile have a PFS for their cipher list ?
>
> Currently it looks like that each and every client has to amend their
> cipher list from time to time. Instead, this should be done in the
> library. So that new versions automatically make the client code more
> secure. GnuTLS does it.
>
>
> That's one reason why we (wget developers) already discussed about
> dropping OpenSSL support completely. The background is that the OpenSSL
> code in Wget has no maintainer. We take (small) patches every now and
> then but there is no expert here for review or active progress.
>
> Having your random seeding issue in mind, there seems to be even more
> reasons to drop that OpenSSL code.
>
> If there is someone here who wants to maintain the OpenSSL code of Wget
> - you are very welcome (Let us know) ! In the meantime I'll ask the
> other maintainers about their opinion.
Ack, just decide what you want to do. I should not influence the
project's processes or bikeshed.
I favor OpenSSL because I've worked with it for so long, and I have
automated build scripts for it. On the other hand, I can switch to
GnuTLS if needed. I have not done so because its expedient to use
OpenSSL (another way of saying I'm lazy at times).
Jeff