[Date Prev][Date Next]
Re: (ITS#5655) add option for setting minimum TLS/SSL protocol
On Thu, 14 Aug 2008, Michael Ströder wrote:
> Philip Guenther wrote:
> > They also have the "SSLProtocol" directive, further down on that page.
> Then I'd vote for doing it exactly like this with one option (space- or
> comma-separated list of protocols).
As I mentioned in the ITS, I think treating the various protocol versions
as independently choosable is a Bad Thing, as it permits broken settings
with no corresponding gain.
That said, it's more important to me that *some* option gets in so that I
(and Sendmail) don't have to maintain forever a patch to add it. If
someone 'official' will make a decision and simply state what the option
should look like in its three forms (C API, ldap.conf, slapd config), I'll
munge the patch to match.