[Top] [All Lists]

Re: [nmh-workers] Making OpenSSL 1.0.2 minimum version

2019-06-27 12:52:04
Ken Hornstein wrote in <20190627171410.EA24E7B189@pb-smtp21.pobox.com>:
 |>I use that protected via
 |I did see that ... but I also was worried that since OpenSSL makes no
 |guarantees that this define will stick around in the future, depending
 |on that may come back to bite me.  I'd rather simply just put it in
 |unconditionally and force everyone to be using 1.0.0 or newer.

Fair enough.  Though i am afraid that regarding OpenSSL bit rot
will have to be expected; the _CTRL_ series looked the most stable
to me.  Thinking about it, the "ext" in SSL_set_tlsext_host_name
could appear strange in five years from now.  Btw. i was lazy and
simply call this function, even if SSLv3 was still around by
then (more than today): OpenSSL and derivates do not perform any
checks, it is just that the hostname set will be used for SNI if
possible, and not otherwise.  Unlikely this has changed.  (Despite
that noone uses SSLv3 no more.)

|Der Kragenbaer,                The moon bear,
|der holt sich munter           he cheerfully and one by one
|einen nach dem anderen runter  wa.ks himself off
|(By Robert Gernhardt)


<Prev in Thread] Current Thread [Next in Thread>