[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Additional network security

From: Reiner Steib
Subject: Re: Additional network security
Date: Thu, 18 Dec 2014 22:54:24 +0100
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/24.3 (gnu/linux)

Lars Magne Ingebrigtsen wrote:
> Ted Zlatanov <address@hidden> writes:
>> How about extending the GnuTLS priority string to also specify the NSM
>> level, DH bits, etc? So the user would say "NORMAL:NSM(medium,dh=1024)"
>> and we'd cut out all the NSM bits before passing it on to GnuTLS. If
>> there's nothing in the priority string, we'd look at
>> `network-security-level', that would be the out-of-the-box use case.
> I'm not sure we need to allow this to be customised at this fine-grained
> level.  Does Firefox allow that, for instance?

At least there's security.tls.version.min,
security.ssl3.ecdhe_ecdsa_rc4_128_sha, and several other security.*
prefs.  Dunno how these relate to Ted's suggestion.

Bye, Reiner.
      (o o)
---ooO-(_)-Ooo---  |  PGP key available  |  http://rsteib.home.pages.de/

reply via email to

[Prev in Thread] Current Thread [Next in Thread]