bug-wget
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Bug-wget] Wget and Perfect Forward Secrecy

From: Tim Rühsen
Subject: Re: [Bug-wget] Wget and Perfect Forward Secrecy
Date: Fri, 16 Aug 2013 22:08:12 +0200
User-agent: KMail/4.10.5 (Linux/3.10-2-amd64; KDE/4.10.5; x86_64; ; ) 
Am Freitag, 16. August 2013, 01:21:08 schrieb Ángel González:
> On 15/08/13 10:36, Tim Ruehsen wrote:
> > I just found that OpenSSL also has a cipher naming convention:
> > http://www.openssl.org/docs/apps/ciphers.html
> > 
> > If Wget is compiled with OpenSSL, the user could use these.
> > If Wget is compiled with GnuTLS, the user would use GnuTLS option strings.
> > 
> > Maybe a new option like --secure-options=... for expert users would be
> > better than recycling --secure-protocol.
> > wgetrc should have two settings like secureoptionsgnutls and
> > secureoptionsopenssl. For when a user changes these settings and than
> > switches between wget-gnutls and wget-openssl. E.g. I sometimes do this
> > for debugging or bug hunting or for comparing resource usage.
> > 
> > Beside this 'expert' option, there should be a an 'everyones' option to
> > force/enable PFS, using --secure-protocol as I already suggested.
> > 
> Looking at http://www.openssl.org/docs/apps/ciphers.html and
> http://gnutls.org/manual/html_node/Priority-Strings.html it looks like
> they are compatible.
> Is that right? That way we could use the same argument, even if some
> extended
> syntax is only available with one of the cipher libraries.

Hmmm, I really can't see any compatibility in the cipher naming conventions.
http://backreference.org/2009/11/18/openssl-vs-gnutls-cipher-names/

But the separator : and +/- to add/remove ciphers is the same.

Regards, Tim

Attachment: signature.asc
Description: This is a digitally signed message part.

reply via email to
[Prev in Thread] Current Thread [Next in Thread]