[jdev] Securing XMPP
Matthew Wild
mwild1 at gmail.com
Fri Sep 6 22:26:28 UTC 2013
On 6 September 2013 21:43, Matthias Wimmer <m at tthias.eu> wrote:
> Hi Dave,
>
> El 2013-09-06 21:24:39, Dave Cridland escribió:
>> I may be talking rubbish, but shouldn't the server be overriding the
>> client's order by default anyway?
>
> Default is the client's priority list. But as the selection is done by
> the server, you can override this. In GnuTLS this is done with
> %SERVER_PRECEDENCE. I don't know if OpenSSL has a switch for this as
> well.
It does, SSL_OP_CIPHER_SERVER_PREFERENCE:
https://www.openssl.org/docs/ssl/SSL_CTX_set_options.html
It's not clear to me that there is a strong reason for servers to
enable this option, except that clients don't seem particularly
competent at choosing for themselves right now...
Regards,
Matthew
More information about the JDev
mailing list