From: Ángel González
Subject: Re: [Bug-wget] [PATCH] Allow to redefine ciphers list for OpenSSL
Date: Mon, 07 Jul 2014 22:29:26 +0200
User-agent: Thunderbird

On 07/07/14 21:46, Tomas Hozza wrote:
> Hi.
>
> In Fedora we are moving to a system-wide policy of used ciphers. [1]
> Therefore we need wget to be compiled with other than the hard-coded set of
> ciphers when using OpenSSL.
>
> I'm attaching a patch adding a new configure option
> --with-openssl-ciphers-list=LIST, which can be used to redefine the ciphers
> list when compiled with OpenSSL. It can be used only if --with-ssl=openssl.
> If not defined, the previously used (by wget) ciphers list is used.
>
> [1] https://fedoraproject.org/wiki/Changes/CryptoPolicy
>
> Regards,

Hello Tomas,

Thanks for your patch. Some comments:

You are only changing the override for --secure-protocol=pfs. IMHO this is wrong. --secure-protocol= command line should override the system policy.

Additionally, I would recommend using just --with-ciphers-list=LIST and making it work with either OpenSSL or GnuTLS (but maybe you don't need it after all?)

Finally, if you redefine the cipher list in wget code, I think it should be noted in the output of wget --version

Regards