Currently, as I understand the use of SSL with Radmind, SSL must be enabled at the server level and the clients must be set up or scripted to use it.
I'd like to see SSL support move to something more like the gzip feature that was added. I'd like to set the server up to accept SSL, perhaps with a minimum and/or maximum level of authorization.
Then, I'd like the clients to be able to negotiate with the server to either use or not use SSL based on what the server expects.
For example, with gzip compression, I can set -Z6 on the Radmind server process. Clients can then use anything up to and including -Z6 with ktcheck and lapply, but they aren't required to use it at all.
I'd like to have a similar setup for SSL. If server is configured to use SSL, possibly with no minimum level but a maximum of -w2, then the client should be able to use or not SSL over the same port defined for that server. For SSL, it might also make sense to set a minimum level for a server.
Log in to post a comment.