[Ach] Apache, Dovecot and other Cipherstrings aren't matching CipherString-B
Aaron Zauner
azet at azet.org
Sun Nov 8 11:10:06 CET 2015
* L. Aaron Kaplan <kaplan at cert.at> [07/11/2015 17:33:03] wrote:
> As I said before - we *had* that.
> It got commited-over ;-)
Even in the part where we had config files around? I didn't see it
in the git history. I thought maybe it was never added there, but I
may have just missed that.
>
> > If we choose to autogenerate those, they really should be checked with
> > some form of continuous integration tooling (jenkins, travis-ci, etc.)
> > and some form of linting.
> >
> Agreed.
>
> >> On the other hand - you are right - there are differences in different OSes/libraries (openssl versions) and clients.
> >> For that we had discussed that the best option would be an automatic testing facility which tests compatibilities.
> >> There seems to be some previous work on this from azet as well as others.
> >> Once these test results are in, we *could* make a cipher string generator on the web page where users can select the OS version, libraries , supported clients and click on “Variant A: a super secure cipher string, no compatibility” or “Variant B: compatible secure cipher string”.
> >>
> >
> > Somebody still needs to do this, nobody volunteered so far. It's a lot
> > of work if we're going to integrate testing.
>
> Well, then it’s time to re-activate our group.
That would be great. I'm happy to participate in regular meetings
again. I'd also be happy to outline a continous integration pipeline
and how it needs to be implemented, I've done so for a couple of
customers in the past - but setting up stuff is the actual work
here, and I currently don't have enough time on my hands for that. I
can provide VMs and a gigabit connection though.
Aaron
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: Digital signature
URL: <http://lists.cert.at/pipermail/ach/attachments/20151108/db778d33/attachment.sig>
More information about the Ach
mailing list