[Info-vax] OpenSSL CSWS-2.2-1
doug80638 at aol.com
Tue Jun 4 10:57:41 EDT 2019
"I also feel that the interface to the product should be somehow
compatible rather than needing re-coding to use the newer stuff. Not
sure how easy that might be."
Easier said than done. Making internal structures opaque that were once directly visible and modifiable precludes forward compatibility.
Silo'd coexisting releases at least allow customers to continue to run their current applications until such time as they can, if ever, update their source code.
"So, why not some type of configuration tool that can set flags
as to which protocols should be allowed? Default it to TLS3, but allow
when necessary for older protocols to be allowed."
The handshake does this now by connecting to the strongest protocol enabled by both sides. Applications can set options to limit which protocols are available during the handshake. For instance, you can restrict protocols to SSL3 and TLS1.3 and ignore the three TLS versions in between.
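
An audit of the kind of restriction described in the reply above, as an added example that is not part of the original post: it uses Python's ssl module, which exposes OpenSSL's SSL_OP_NO_* option bits, and reproduces the SSL3 plus TLS1.3 combination from the message. The names client_context and audit are hypothetical helpers, and the report covers what the option mask and version bounds permit, not which protocols the linked OpenSSL build actually supports.

```python
import ssl
import warnings

# Weakest first: (name, TLSVersion member, OP_NO_* bit that masks the version off).
VERSIONS = [
    ("SSLv3", ssl.TLSVersion.SSLv3, ssl.OP_NO_SSLv3),
    ("TLSv1", ssl.TLSVersion.TLSv1, ssl.OP_NO_TLSv1),
    ("TLSv1.1", ssl.TLSVersion.TLSv1_1, ssl.OP_NO_TLSv1_1),
    ("TLSv1.2", ssl.TLSVersion.TLSv1_2, ssl.OP_NO_TLSv1_2),
    ("TLSv1.3", ssl.TLSVersion.TLSv1_3, ssl.OP_NO_TLSv1_3),
]
LEGACY = {"SSLv3", "TLSv1", "TLSv1.1"}  # versions an audit should flag


def client_context(allowed):
    """Hypothetical helper: a client context whose options permit only `allowed`."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    opts = int(ctx.options)
    for name, _, flag in VERSIONS:
        opts = opts & ~int(flag) if name in allowed else opts | int(flag)
    with warnings.catch_warnings():
        # Python marks OP_NO_* as deprecated in favour of version bounds.
        warnings.simplefilter("ignore", DeprecationWarning)
        # Open the version bounds so that only the option bits decide.
        ctx.minimum_version = ssl.TLSVersion.MINIMUM_SUPPORTED
        ctx.maximum_version = ssl.TLSVersion.MAXIMUM_SUPPORTED
        ctx.options = opts
    return ctx


def audit(ctx):
    """Report what the option mask and version bounds leave permitted."""
    lo, hi, opts = ctx.minimum_version, ctx.maximum_version, int(ctx.options)
    permitted = []
    for name, ver, flag in VERSIONS:
        below = lo != ssl.TLSVersion.MINIMUM_SUPPORTED and ver < lo
        above = hi != ssl.TLSVersion.MAXIMUM_SUPPORTED and ver > hi
        if not (opts & int(flag) or below or above):
            permitted.append(name)
    order = [name for name, _, _ in VERSIONS]
    span = order[order.index(permitted[0]):order.index(permitted[-1]) + 1] if permitted else []
    return {
        "permitted": permitted,
        "legacy": [n for n in permitted if n in LEGACY],
        "holes": [n for n in span if n not in permitted],
    }


if __name__ == "__main__":
    print(audit(client_context({"SSLv3", "TLSv1.3"})))    # the combination from the post
    print(audit(client_context({"TLSv1.2", "TLSv1.3"})))  # a contiguous modern range
```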