petreeftime
commented
4 years ago Another option would be to have a more hardened configuration by default, but that might not be a good fit for everyone.
Open petreeftime opened 4 years ago
petreeftime
commented
4 years ago Another option would be to have a more hardened configuration by default, but that might not be a good fit for everyone.
petreeftime
commented
4 years ago I've added a PR that removes a bunch of the weak crypto algorithms that are not directly exposed by the openssl crate: https://github.com/alexcrichton/openssl-src-rs/pull/68.
When compiling this crate there's no way to specify any build configuration for OpenSSL. Being able to specify the build configuration allows building a more hardened version of OpenSSL when some features are not required. This means both no-* configuration flags (for example, no-rc2), as well as -D configuration flags (for example -DOPENSSL_NO_HEARTBEATS). This feature would also need to be made available from the openssl crate.