OpenSSL 3.0 vs. SSL 3.0

Christian Heimes christian at python.org
Wed Feb 27 15:02:32 UTC 2019


Hi,

I'm concerned about the version number of the upcoming major release of
OpenSSL. "OpenSSL 3.0" just sounds and looks way too close to "SSL 3.0".
It took us more than a decade to teach people that SSL 3.0 is bad and
should be avoided in favor of TLS. In my humble opinion, it's
problematic and confusing to use "OpenSSL 3.0" for the next major
version of OpenSSL and first release of OpenSSL with SSL 3.0 support.

You skipped version 2.0 for technical reasons, because (IIRC) 2.0 was
used / reserved for FIPS mode. May I suggest that you also skip 3.0 for
UX reasons and call the upcoming version "OpenSSL 4.0"? That way you can
avoid any confusion with SSL 3.0.

Kind regards,
Christian


More information about the openssl-users mailing list