[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Dropping support for openssl 0.9.6?

Hi folks,

We're thinking about dropping support in Tor for openssl 0.9.6.

(It appears that 0.9.6 was last patched in 2004, meaning it's probably
quite insecure now.)

Does anybody here still rely on it? Or do you know any common platforms
that do? Speak up now if this matters to you. :)

We'll probably do a two-stage deprecation, where in the first stage
new Tors refuse to build with it but still accept connections to/from
Tors that use it, and in the second stage we assume that it no longer
exists anywhere.