oss-sec mailing list archives

Re: feedback requested regarding deprecation of TLS 1.0/1.1


From: Peter Gutmann <pgut001 () cs auckland ac nz>
Date: Thu, 15 Aug 2024 10:49:09 +0000

Hanno Böck <hanno () hboeck de> writes:

My impression of OpenSSL is that it has a strong tendency to ship "bloat",
i.e., features that either barely anyone needs, but that still get added
(remember Heartbeat extension?), or that should've been deprecated long ago.

I think it's not so much the fault of OpenSSL per se but more that it ends up
as the universal guinea pig for anything a third party wants to play with.  I
don't know how many research papers I've read presenting some whiz-bang clever
idea that says something like "we modified OpenSSL x.yz to add ...".

One possible solution would be to have an experimental version of OpenSSL that
everyone can play with alongside the production version that minimises clever
ideas.

Peter.
