[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#5655) add option for setting minimum TLS/SSL protocol

On Thu, 14 Aug 2008, Michael Ströder wrote:
> Philip Guenther wrote:
> > They also have the "SSLProtocol" directive, further down on that page.  
> Then I'd vote for doing it exactly like this with one option (space- or
> comma-separated list of protocols).

As I mentioned in the ITS, I think treating the various protocol versions 
as independently choosable is a Bad Thing, as it permits broken settings 
with no corresponding gain.

That said, it's more important to me that *some* option gets in so that I 
(and Sendmail) don't have to maintain forever a patch to add it.  If 
someone 'official' will make a decision and simply state what the option 
should look like in its three forms (C API, ldap.conf, slapd config), I'll 
munge the patch to match.

Philip Guenther