What is the idea behind the default configuration of the ssl app?
Ingela Andin
ingela.andin@REDACTED
Mon Jul 27 12:03:48 CEST 2020
måndag 27 juli 2020 skrev Maas-Maarten Zeeman <mmzeeman@REDACTED>:
> Mostly options that can not be set when setting up a socket is options
> that affect some application global resource. In general we strive to have
> secure defaults. And that is the reason behind most of the changes. Many of
> our original defaults where inherited from OpenSSL like 10 years ago.
>
>
> FYI. The default session cache size in openssl is about 20.000 entries for
> at least 19 years according to the documentation.
>
> https://github.com/openssl/openssl/blob/0bc6597d4d1402afd0c5df7855b72b
> df93e98f9d/doc/ssl/SSL_CTX_sess_set_cache_size.pod
>
>
Well many but not all defaults. If I remember correctly our pre OTP-14 ssl
did not have any session reuse options.
We will consider what can be improved. User input is always valuable for
such improvments. So if you have more inputs feel free to share it with us.
Regards Ingela Erlang/OTP team Ericsson AB
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://erlang.org/pipermail/erlang-questions/attachments/20200727/cf33c6a1/attachment.htm>
More information about the erlang-questions
mailing list