What is the idea behind the default configuration of the ssl app?

Maas-Maarten Zeeman mmzeeman@REDACTED
Mon Jul 27 11:37:26 CEST 2020


> Mostly, options that cannot be set when setting up a socket are options that affect some application-global resource. In general we strive to have secure defaults. And that is the reason behind most of the changes. Many of our original defaults were inherited from OpenSSL like 10 years ago.

FYI. The default session cache size in OpenSSL has been about 20.000 entries for at least 19 years according to the documentation.

https://github.com/openssl/openssl/blob/0bc6597d4d1402afd0c5df7855b72bdf93e98f9d/doc/ssl/SSL_CTX_sess_set_cache_size.pod

Kind regards,

Maas-Maarten Zeeman




More information about the erlang-questions mailing list