Re: [Maria-developers] [Commits] 97037da: Replace static usage of AES_CTR with current encryption algorithm.
I don't get it. Why is example_key_management_plugin special here? If
you're going to support "none", why not here as well?
This is exactly similar to file_key_management_plugin i.e. do not initialize if NONE.
Heh, okay.
+
+ my_aes_init_dynamic_encrypt(current_aes_dynamic_method);
Isn't this redundant? It should already be initialized by the call in init_server_components...
Maybe, but what if you load this plugin after server has started ?
Why would it matter? Unless I miss something, my_aes_encrypt_dynamic/my_aes_decrypt_dynamic are global. But the whole encryption_algorithm stuff seems not well thought out in any case. Regards, Jeremy
Hi Am 17.03.2015 um 19:18 schrieb Jeremy Cole:
But the whole encryption_algorithm stuff seems not well thought out in any case
there was a recent thread on the orcle list today it's sad that ECHDE / AES-GCM / SHA256 are not working at all currently only DHE-RSA-AES128-SHA / DHE-RSA-AES256-SHA are working with forward secrecy at all while CBC instead GCM should be avoided beause security as well as performance on modern CPU's ssl-cipher = ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:RSA-AES256-SHA
participants (2)
-
Jeremy Cole -
Reindl Harald