[gnutls-help] User-level visibility of GnuTLS security and tuning
Ted Zlatanov
tzz at lifelogs.com
Thu Dec 11 16:31:44 CET 2014
On Tue, 9 Dec 2014 17:25:28 +0100 Nikos Mavrogiannopoulos <nmav at gnutls.org> wrote:

NM> (btw. there is no SSL 1.0)

Yup, sorry. So we should definitely not allow it ;)

NM> I think a good approach is to define a few understandable policies.
NM> Fedora for example provides LEGACY, DEFAULT and FUTURE. The idea is
NM> that legacy would work with any server providing something better than
NM> plaintext, default a reasonable security level for today's metrics,
NM> and future is a security level with the state of the art encryption
NM> requirements of today.

NM> You may get inspired by the gnutls settings for them:
NM> https://github.com/nmav/fedora-crypto-policies/tree/master/profiles

OK, that's very helpful. So that's an application-level setting that
manages the GnuTLS settings and messaging. That's what Lars has done
with the Emacs `network-security-level' variable, so users just have to
set one thing. We'll stick with that.

Thanks
Ted