[openssl-dev] 1.0.1t ?
Matt Caswell
matt at openssl.org
Wed Mar 23 16:36:03 UTC 2016
On 23/03/16 16:00, Suarez, Miguel wrote:
> Hi
>
>
>
> Can you tell me when 1.0.1t release or later will be made available with
> fixes for the following issues (see below).
1.0.1t does not currently have a planned release date. Releases are
scheduled on an as-needed basis, typically (although not always) as a
result of security defects being discovered. We normally only announce a
release date for security fixes a few days in advance.
Matt
>
> Disabling SSLv2 in a default build will break applications we have
> released that depended on SSLv2 by default like release 2.2.29 of
> Apache’s httpd.
>
> We can change our SSL build but would rather have fixes in an official
> release.
>
>
>
> Thanks.
>
>
>
> https://git.openssl.org/gitweb/?p=openssl.git;a=blob;f=CHANGES;h=d4e9887370c8733885851625a72301bc90275b2d;hb=refs/heads/OpenSSL_1_0_1-stable#l5
>
>
>
> 2 OpenSSL CHANGES
>
> 3 _______________
>
> 4
>
> 5 Changes between 1.0.1s and 1.0.1t [xx XXX xxxx]
>
> 6
>
> 7 *) Remove LOW from the DEFAULT cipher list. This removes singles
> DES from the
>
> 8 default.
>
> 9 [Kurt Roeckx]
>
> 10
>
> 11 *) Only remove the SSLv2 methods with the no-ssl2-method option.
> When the
>
> 12 methods are enabled and ssl2 is disabled the methods return NULL.
>
> 13 [Kurt Roeckx]
>
>
>
More information about the openssl-dev
mailing list