
Providing Webfs with GnuTLS-support.



Hello,

the package for the small web server Webfs has had SSL-support inactivated
at least since July 2006, when #395873 began discussing migration to GnuTLS.
Nothing ever happened, but now, having recently adopted the package, I am
prepared to submit a new packaging of Webfs that does activate SSL/TLS
by linking against GnuTLS.

There are two matters on which I could use some advisory comments.

First off, is there some group or individual that has stated a willingness
to perform a pre-release examination, in order that a GnuTLS-migration does
not introduce security breaches, that had better be accounted for before
any public package release? Or is the scrutiny during unstable and testing
phases deemed sufficient?

Secondly, my implementation uses a few compiler macros to enable an
independent administrator to recompile the package with customized
settings. My present intention is to use code equivalent to

   #define WEBFS_CIPHERS "SECURE256"
   #undef USE_TLS_COMPATIBILITY

influencing code snippets

   gnutls_priority_init(&tls_priority_cache, WEBFS_CIPHERS, NULL);

and

   #ifdef USE_TLS_COMPATIBILITY
       gnutls_session_enable_compatibility_mode(client_session);
   #endif

Bearing in mind the behaviour of different web clients, could there
be relevant reasons to relax these to "NORMAL", and a default activation
of compatibility mode? My initial impulse is to refrain from this.

Best regards (I would welcome a CC:ed reply)

-- 
Mats Erik Andersson, fil. dr

Subscribed to: debian-mentors, debian-devel-games, debian-perl, debian-ipv6
