by crest 4046 days ago
RSA with DHE or ECDHE is a sane handshake. I would avoid DSA- and ECDSA-based key exchanges because they fail catastrophically with bad random number generators. For most APIs session caching is more important than a faster initial handshake.

The HTTPS-only choice would annoy me a lot because I run most HTTPS services behind a reverse proxy in a FreeBSD jail on the same host. HAProxy and nginx are still superior to most applications in regard to reliable TLS termination.

Using HTTPS by default is the right choice for a new project, but offering no HTTP support (outside of a benchmark) patronizes the user.

All in all this looks like a nice way to export C APIs through HTTPS.
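The setup crest describes, as an added example that is not part of the thread or of the project under discussion: nginx terminating TLS in front of an application that only speaks plain HTTP, restricted to ECDHE/DHE key exchange with RSA authentication, with session caching enabled. The hostname, certificate paths and backend port are assumptions.

```nginx
# Added example (not from the thread): nginx as the TLS-terminating reverse
# proxy in front of an application listening on plain HTTP.
# Hostname, certificate paths and the backend port are assumptions.

# Plain HTTP is accepted only to redirect clients to HTTPS.
server {
    listen 80;
    server_name api.example.com;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name api.example.com;

    ssl_certificate     /etc/ssl/certs/api.example.com.pem;   # RSA certificate
    ssl_certificate_key /etc/ssl/private/api.example.com.key;

    ssl_protocols TLSv1.2 TLSv1.3;

    # Forward-secret key exchange (ECDHE or DHE) with RSA authentication only;
    # no DSS- or ECDSA-authenticated suites are offered. TLS 1.3 suites are not
    # selected by this string and always use (EC)DHE.
    ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256;
    ssl_prefer_server_ciphers on;
    ssl_ecdh_curve X25519:secp256r1;
    ssl_dhparam /etc/ssl/dhparam.pem;       # required for the DHE suites

    # Session resumption: a shared server-side cache lets API clients skip the
    # full handshake on reconnect, which matters more than the first handshake.
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 1h;
    ssl_session_tickets off;                # cache only; no ticket key to rotate

    location / {
        # The application's plain-HTTP listener (assumed port). Bind it to
        # loopback so that only the proxy can reach it.
        proxy_pass http://127.0.0.1:8080;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
    }
}
```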


Thanks.

I agree the BENCHMARK build option is a bit confusing. I might end up renaming it altogether.

For sanity's sake, this build option is now NOTLS.