[openssl-dev] [RFC] enc utility & under-documented behavior changes: improving backward compatibility
Tomas Mraz
tmraz at redhat.com
Tue Oct 3 07:45:43 UTC 2017
On Tue, 2017-10-03 at 08:23 +0100, Matt Caswell wrote:
>
> > 1.2. This also opens the path to stronger key derivation (PBKDF2)
> > 2. During decryption, if no header block is present, and no message
> > digest was specified, the default digest SHOULD be MD5.
>
> Should it? What about compatibility with OpenSSL 1.1.0? We cannot make
> breaking changes in 1.1.1, so it has to be compatible with 1.1.0.
Yeah, the ship has sailed. SHA-256 should be used by default as in
1.1.0.
--
Tomáš Mráz
Red Hat
No matter how far down the wrong road you've gone, turn back.
Turkish proverb
[You'll know whether the road is wrong if you carefully listen to your
conscience.]
* Google and NSA associates, this message is none of your business.
* Please leave it alone, and consider whether your actions are
* authorized by the contract with Red Hat, or by the US constitution.
* If you feel you're being encouraged to disregard the limits built
* into them, remember Edward Snowden and Wikileaks.
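Why the default digest is a compatibility question, as an added example that is not part of the original message or of OpenSSL's code: the sketch below reimplements the legacy `EVP_BytesToKey` derivation used by `enc` and shows that the same password and salt give unrelated keys under MD5 and SHA-256. The function names, the AES-256-CBC sizes (32-byte key, 16-byte IV) and the sample blob are assumptions made for the illustration.

```python
import hashlib

MAGIC = b"Salted__"  # prefix `openssl enc` writes in front of the 8-byte salt

def evp_bytes_to_key(password, salt, digest, key_len=32, iv_len=16, count=1):
    """Legacy EVP_BytesToKey: D_i = H^count(D_{i-1} || password || salt).

    key_len/iv_len default to AES-256-CBC sizes (assumption for this example);
    count=1 matches what `enc` uses when PBKDF2 is not requested.
    """
    material = b""
    block = b""
    while len(material) < key_len + iv_len:
        block = hashlib.new(digest, block + password + salt).digest()
        for _ in range(count - 1):
            block = hashlib.new(digest, block).digest()
        material += block
    return material[:key_len], material[key_len:key_len + iv_len]

def split_salted(blob):
    """Return (salt, ciphertext) from a salted enc-style blob."""
    if len(blob) < 16 or blob[:8] != MAGIC:
        raise ValueError("no Salted__ prefix, salt cannot be recovered")
    return blob[8:16], blob[16:]

def candidate_keys(blob, password, digests=("sha256", "md5")):
    """Derive (key, iv) under each digest a file may have been written with.

    The blob carries the salt but no record of the digest, so a reader
    can only use its default or an explicit -md choice.
    """
    salt, _ = split_salted(blob)
    return {d: evp_bytes_to_key(password, salt, d) for d in digests}

# Constructed sample: magic, salt 00..07, one dummy ciphertext block.
SAMPLE_BLOB = MAGIC + bytes(range(8)) + b"\x00" * 16

if __name__ == "__main__":
    for name, (key, iv) in candidate_keys(SAMPLE_BLOB, b"secret").items():
        print(f"{name:7s} key={key.hex()} iv={iv.hex()}")
```

A file written with one digest and read with the other therefore decrypts under the wrong key unless the reader passes the matching `-md` option.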