[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Dropping support for openssl 0.9.6?

To: or-talk@xxxxxxxxxxxxx
Subject: Dropping support for openssl 0.9.6?
From: Roger Dingledine <arma@xxxxxxx>
Date: Thu, 25 Oct 2007 12:18:07 -0400
Delivered-to: archiver@xxxxxxxx
Delivered-to: or-talk-outgoing@xxxxxxxx
Delivered-to: or-talk@xxxxxxxx
Delivery-date: Thu, 25 Oct 2007 12:18:15 -0400
Reply-to: or-talk@xxxxxxxxxxxxx
Sender: owner-or-talk@xxxxxxxxxxxxx
User-agent: Mutt/1.5.13 (2006-08-11)

Hi folks,

We're thinking about dropping support in Tor for openssl 0.9.6.

(It appears that 0.9.6 was last patched in 2004, meaning it's probably
quite insecure now.)

Does anybody here still rely on it? Or do you know any common platforms
that do? Speak up now if this matters to you. :)

We'll probably do a two-stage deprecation, where in the first stage
new Tors refuse to build with it but still accept connections to/from
Tors that use it, and in the second stage we assume that it no longer
exists anywhere.

--Roger

Follow-Ups:
- Re: Dropping support for openssl 0.9.6?
  - From: Stefan Behte

Prev by Author: Re: recent rev. take a very long time to get client working
Next by Author: Tor 0.2.0.9-alpha is out
Previous by thread: Re: Spam over Tor
Next by thread: Re: Dropping support for openssl 0.9.6?
Index(es):
- Author
- Thread