Date:      Wed, 2 May 2012 19:53:01 -0400
From:      Robert Simmons <rsimmons0@gmail.com>
To:        freebsd-security@freebsd.org
Subject:   Re: OpenSSL and Heimdal
Message-ID:  <CA%2BQLa9DYKm71TXdDLZT%2Br1ia0qHMRD_XxhAHF7%2BODKh5P9Vr6A@mail.gmail.com>
In-Reply-To: <20120502232751.GB50127@in-addr.com>
References:  <CA%2BQLa9Asg0GkKKihhXLwpwOGz1T3u%2BJWhqo66L0M1denkeBq_Q@mail.gmail.com> <201205022201.50506.matt@chronos.org.uk> <op.wdpb2rip34t2sn@tech304> <201205022345.27904.matt@chronos.org.uk> <20120502232751.GB50127@in-addr.com>

On Wed, May 2, 2012 at 7:27 PM, Gary Palmer <gpalmer@freebsd.org> wrote:
> On Wed, May 02, 2012 at 11:45:27PM +0100, Matt Dawson wrote:
>> On Wednesday 02 May 2012 23:14:41 Mark Felder wrote:
>> > Why go out of your way and use mod_gnutls?
>>
>> Because it supports TLSv1.[1|2], which was the PP's question, whereas
>> OpenSSL doesn't and doesn't show any signs of doing so in the near
>> future:
>>
>> https://www.openssl.org/support/funding/wishlist.html
>>
>> Note well the "If and when."
>>
>> IE might be the only client with support for those protocols right now
>> but somebody has to lead the way on the server side or you end up with
>> a mutual apathy loop (AKA positive can't be arsed feedback loop).
>
> Their website is out of date. This is from CHANGES in OpenSSL 1.01a:
>
>  Major changes between OpenSSL 1.0.0h and OpenSSL 1.0.1:
>
>       o TLS/DTLS heartbeat support.
>       o SCTP support.
>       o RFC 5705 TLS key material exporter.
>       o RFC 5764 DTLS-SRTP negotiation.
>       o Next Protocol Negotiation.
>       o PSS signatures in certificates, requests and CRLs.
>       o Support for password based recipient info for CMS.
>       o Support TLS v1.2 and TLS v1.1.
>       o Preliminary FIPS capability for unvalidated 2.0 FIPS module.
>       o SRP support.
>
> Note the 3rd last bullet point.

Another reason to update the version in FreeBSD to 1.0.1b.


