Re: [Bug-wget] cipher_list string when using OpenSSL
From: Tim Rühsen
Subject: Re: [Bug-wget] cipher_list string when using OpenSSL
Date: Fri, 20 Oct 2017 17:08:58 +0200
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.3.0

On 10/19/2017 11:49 AM, Jeffrey Walton wrote:
> On Thu, Oct 19, 2017 at 5:35 AM, Tim Rühsen <address@hidden> wrote:
>> Hi Jeffrey,
>>
>> thanks for the heads up!
>>
>> Does OpenSSL meanwhile have a PFS for their cipher list ?
>>
>> Currently it looks like each and every client has to amend their
>> cipher list from time to time. Instead, this should be done in the
>> library, so that new versions automatically make the client code more
>> secure. GnuTLS does it.
>>
>>
>> That's one reason why we (wget developers) already discussed
>> dropping OpenSSL support completely. The background is that the OpenSSL
>> code in Wget has no maintainer. We take (small) patches every now and
>> then but there is no expert here for review or active progress.
>>
>> Having your random seeding issue in mind, there seem to be even more
>> reasons to drop that OpenSSL code.
>>
>> If there is someone here who wants to maintain the OpenSSL code of Wget
>> - you are very welcome (Let us know) ! In the meantime I'll ask the
>> other maintainers about their opinion.
>
> Ack, just decide what you want to do. I should not influence the
> project's processes or bikeshed.
That's the wrong attitude. It's a community-driven open source project
and every opinion and every input counts!
We will keep OpenSSL code for now - Ander Juaristi is willing to
maintain that code :-)
Regards, Tim