Date: Wed, 2 May 2012 19:27:51 -0400 From: Gary Palmer <gpalmer@freebsd.org> To: Matt Dawson <matt@chronos.org.uk> Cc: freebsd-security@freebsd.org Subject: Re: OpenSSL and Heimdal Message-ID: <20120502232751.GB50127@in-addr.com> In-Reply-To: <201205022345.27904.matt@chronos.org.uk> References: <CA%2BQLa9Asg0GkKKihhXLwpwOGz1T3u%2BJWhqo66L0M1denkeBq_Q@mail.gmail.com> <201205022201.50506.matt@chronos.org.uk> <op.wdpb2rip34t2sn@tech304> <201205022345.27904.matt@chronos.org.uk>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, May 02, 2012 at 11:45:27PM +0100, Matt Dawson wrote: > On Wednesday 02 May 2012 23:14:41 Mark Felder wrote: > > Why go out of your way and use mod_gnutls? > > Because it supports TLSv1.[1|2], which was the PP's question, whereas > OpenSSL doesn't and doesn't show any signs of doing so in the near > future: > > https://www.openssl.org/support/funding/wishlist.html > > Note well the "If and when." > > IE might be the only client with support for those protocols right now > but somebody has to lead the way on the server side or you end up with > a mutual apathy loop (AKA positive can't be arsed feedback loop). Their website is out of date. This is from CHANGES in OpenSSL 1.01a: Major changes between OpenSSL 1.0.0h and OpenSSL 1.0.1: o TLS/DTLS heartbeat support. o SCTP support. o RFC 5705 TLS key material exporter. o RFC 5764 DTLS-SRTP negotiation. o Next Protocol Negotiation. o PSS signatures in certificates, requests and CRLs. o Support for password based recipient info for CMS. o Support TLS v1.2 and TLS v1.1. o Preliminary FIPS capability for unvalidated 2.0 FIPS module. o SRP support. Note the 3rd last bullet point. Regards, Gary
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20120502232751.GB50127>