On 3 May 2014 22:42, Thiago Macieira <thiago.macie...@intel.com> wrote:
> Em sáb 03 maio 2014, às 22:23:30, Richard Moore escreveu: > > Simplifying the Cipher API > > ========================== > > > > Currently, the QSslCipher API is pretty large. It's not simply the > > code in the QSslCipher class itself, but also all the stuff in the > > QSslConfiguration that defines the preferences. Instead, we could > > offer a simplified API that all backends must offer. So, for example > > we could have something as simple as High, Medium and Low! After all, > > most people (including developers) don't know the trade-offs of the > > different cipher suites anyway. We could also have a flag for perfect > > forward secrecy since that is independent of the strength. It would > > also be possible to have a setting like FIPS for people who care about > > that. > > High, Medium and Low convey no meaning. Why should I choose "low security"? > > What I was thinking was that this would specify if weak ciphers etc. should be enabled. In general you'd end up with the strongest cipher the server supports anyway, but if you'd set the security to 'low' then you'd be able to connect to servers that only support low strength ciphers. ie. this would be a setting for the minimum acceptable cipher strength. > I'd say that we should either provide no choice in choosing the ciphers, > or at > most provide certain implementation details like allowing or disallowing > ciphers without perfect forward secrecy and a choice of ciphers that are > FIPS- > certified. > > That would be possible, yeah. Rich.
_______________________________________________ Development mailing list Development@qt-project.org http://lists.qt-project.org/mailman/listinfo/development
