[erlang-questions] ERL-823: SSL cipher_suites too limited when compiling with OPENSSL_NO_EC=1
Fred Hebert
mononcqc@REDACTED
Fri Jan 4 17:32:02 CET 2019
On 01/04, Ingela Andin wrote:
>Hi again!
>
>Maybe I should add that using filters where you can access each logical
>part of the cipher suite is a more powerful way to customize cipher suites
>than regular expressions over complex strings.
>Also see ssl User Guide http://erlang.org/doc/search/?q=ssl&x=0&y=0 section
>3.2
>
Agreed, it's more powerful.
But when working with established teams and policies, having a unique
format just for Erlang tends to be problematic as non-standard. In some
places where I've been, if you can't get the security team to approve
the list, you are not greenlit to go to prod.
It's much, much simpler to work with non-erlang folks when we have a way
to more easily communicate and review the lists -- mostly there may just
be a list that will be adopted by all stacks, whether they're Erlang,
Go, C#, ruby, or servers like nginx, and so on.
At least getting the direct mapping between both can be very useful to
validate filtering rules and everything else :)
More information about the erlang-questions
mailing list