[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Dropping support for openssl 0.9.6?

To: or-talk@xxxxxxxxxxxxx
Subject: Re: Dropping support for openssl 0.9.6?
From: Stefan Behte <Stefan.Behte@xxxxxxx>
Date: Thu, 25 Oct 2007 19:28:16 +0200
Delivered-to: archiver@xxxxxxxx
Delivered-to: or-talk-outgoing@xxxxxxxx
Delivered-to: or-talk@xxxxxxxx
Delivery-date: Thu, 25 Oct 2007 13:28:25 -0400
In-reply-to: <20071025161807.GR20802@xxxxxxxxxxxxxx>
References: <20071025161807.GR20802@xxxxxxxxxxxxxx>
Reply-to: or-talk@xxxxxxxxxxxxx
Sender: owner-or-talk@xxxxxxxxxxxxx
User-agent: Thunderbird 2.0.0.6 (X11/20070805)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello!

> Hi folks,
> 
> We're thinking about dropping support in Tor for openssl 0.9.6.
> 
> (It appears that 0.9.6 was last patched in 2004, meaning it's probably
> quite insecure now.)
Dropping support might be a good idea then.

> Does anybody here still rely on it? Or do you know any common platforms
> that do? Speak up now if this matters to you. :)
No. 0.9.8f!

> We'll probably do a two-stage deprecation, where in the first stage
> new Tors refuse to build with it but still accept connections to/from
> Tors that use it, and in the second stage we assume that it no longer
> exists anywhere.
> 
> --Roger
Sounds OK.

Best regards,

Stefan
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFHINIvgs5mTaoGZecRAvXZAJ0RRC2KL3DlRnYEDAlSbl99x0wfDACeLEWw
mmJoN1iYPmKrsb5T+mrX0kE=
=SVyv
-----END PGP SIGNATURE-----

References:
- Dropping support for openssl 0.9.6?
  - From: Roger Dingledine

Prev by Author: tor-ctrl v1 - setting bandwidthrate from commandline via controlport and many, many other possibilites...
Next by Author: TunnelDirConns 1
Previous by thread: Dropping support for openssl 0.9.6?
Next by thread: Tor trademark question
Index(es):
- Author
- Thread