From: Matt Dawson
To: freebsd-security@freebsd.org
Date: Wed, 2 May 2012 23:45:27 +0100
References: <201205022201.50506.matt@chronos.org.uk>
Message-Id: <201205022345.27904.matt@chronos.org.uk>
Subject: Re: OpenSSL and Heimdal

On Wednesday 02 May 2012 23:14:41 Mark Felder wrote:
> Why go out of your way and use mod_gnutls?

Because it supports TLSv1.[1|2], which was the PP's question, whereas
OpenSSL doesn't and doesn't show any signs of doing so in the near future:

https://www.openssl.org/support/funding/wishlist.html

Note well the "If and when."

IE might be the only client with support for those protocols right now but
somebody has to lead the way on the server side or you end up with a mutual
apathy loop (AKA positive can't be arsed feedback loop).

-- 
Matt Dawson
GW0VNR
MTD15-RIPE