[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: Dropping support for openssl 0.9.6?
-----BEGIN PGP SIGNED MESSAGE-----
> Hi folks,
> We're thinking about dropping support in Tor for openssl 0.9.6.
> (It appears that 0.9.6 was last patched in 2004, meaning it's probably
> quite insecure now.)
Dropping support might be a good idea then.
> Does anybody here still rely on it? Or do you know any common platforms
> that do? Speak up now if this matters to you. :)
> We'll probably do a two-stage deprecation, where in the first stage
> new Tors refuse to build with it but still accept connections to/from
> Tors that use it, and in the second stage we assume that it no longer
> exists anywhere.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----