[openssl-dev] Removing obsolete crypto from OpenSSL 1.1 - seeking feedback

Viktor Dukhovni openssl-users at dukhovni.org
Fri Nov 13 21:56:25 UTC 2015


On Fri, Nov 13, 2015 at 09:20:47PM +0000, Salz, Rich wrote:

> > Actually deleting algorithms is *very* difficult.
> 
> Yes.
> 
> And we're doing the best we can by asking reasonably.
> 
> Some people may get burnt.  Oh well.  It's open source, fork if you have to.

What we primarily don't want to happen is to delay the use of
OpenSSL 1.1.0 because it breaks too much.  

If we ensure that TLS is free of weak crypto, but (for now) leave
some weaker crypto in the library, so that platforms can deliver
the new libcrypto in /usr/lib and not break existing applications,
I think that's more useful than immediately breaking builds of all
applications that happen to touch legacy crypto.

So I'm trying to help move forward, without creating artificial
barriers.  Let's fix TLS (libssl) first, and we can tackle libcrypto
in a later release.

-- 
	Viktor.