[Epic] GnuTLS support #259
Comments
|
HandlebarJS might not be the best choice. At a certain point it may be easier to write the logic directly in javascript. GnuTLS priority strings are easier to construct with a language like javascript than to contort through more limited HandlebarJS templating directives. |
|
The actual value for render would almost certainly be constructed within the js app and only passed to the output object for templates to (conditionally) use. Where I am not sure considering the templating logic is, whether we'll be able to deliver both OpenSSL and GnuTLS options within a single config (given the lib used is defined for each template) without some UI & settings refactoring, or monkey patching one implementation atop the other if we only keep one defined in the configs. (Compare to e.g. OpenSSL vs. JSSE implementations, where both IANA and OpenSSL input is understood, validated, and iterated over being translated to the underlying api by the server, making that issue opaque to us, allowing to just emit one config and let the server adapt the values for the actual implementation eventually used.) The biggest challenge is whether the existing json data provide enough surface to even derive the possible priority strings. (It's super tricky to get them right, and I don't even know how well would they work across different systems. But that would definitely make an important addition to have that available here as a boilerplate.) |
|
Ah, yeah there's But the more I think of it, the less I'm sure we should invent the priority strings here — I'd say they ought to be defined directly in the recommendations, as a counterpart to the other configs, and only consumed here afterwards. |
This is a meta issue tracking the feasibility of supporting GnuTLS configurations either in the same template, or a separate template — to assess whether the current recommendations can be adapted to the necessary priority strings, able to redefine OS-level defaults etc. to apply meaningfully and in a predictable consistent way.
Config compatibility
The text was updated successfully, but these errors were encountered: