httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Stefan Eissing <stefan.eiss...@greenbytes.de>
Subject Re: SSL Policy Definitions
Date Wed, 03 May 2017 12:23:40 GMT

> Am 03.05.2017 um 14:20 schrieb Luca Toscano <toscano.luca@gmail.com>:
> 
> Hi Graham,
> 
> 2017-05-03 14:09 GMT+02:00 Graham Leggett <minfrin@sharp.fm>:
> On 03 May 2017, at 2:01 PM, Stefan Eissing <stefan.eissing@greenbytes.de> wrote:
> 
> > We seem to all agree that a definition in code alone will not be good enough. People
need to be able to see what is actually in effect.
> 
> I think we’re overthinking this.
> 
> We only need to document the settings that SSLSecurityLevel has clearly in our docs,
and make sure that "httpd -L” prints out the exact details so no user need ever get confused.

+1 
Having the definitions listed via command line is good enough for me.

> 
> I think that in this case documentation is not enough since it tends to quickly fall
behind dev commits, plus it would be great for a user to know in a programatic way what are
the runtime settings used for SSL (or just to allow admin to manually check/review them).
>  
> 
> > If we let users define their own classes, it could look like this:
> 
> Immediately we’ve jumped into functionality that is beyond Mr/Mrs Normal
> 
> True, even if the idea looks great I'd focus only on Mr/Mrs Normal for the moment :)

Agreed.


Mime
View raw message