OpenSSL 3.0 vs. SSL 3.0

Michael Richardson mcr at sandelman.ca
Wed Feb 27 18:53:46 UTC 2019


Christian Heimes <christian at python.org> wrote:
    > I'm concerned about the version number of the upcoming major release of
    > OpenSSL. "OpenSSL 3.0" just sounds and looks way too close to "SSL 3.0".
    > It took us more than a decade to teach people that SSL 3.0 is bad and
    > should be avoided in favor of TLS. In my humble opinion, it's
    > problematic and confusing to use "OpenSSL 3.0" for the next major
    > version of OpenSSL and first release of OpenSSL with SSL 3.0 support.

You make a good point which I had not thought about, having exhumed SSLx.y
from my brain.  +5

    > You skipped version 2.0 for technical reasons, because (IIRC) 2.0 was
    > used / reserved for FIPS mode. May I suggest that you also skip 3.0 for
    > UX reasons and call the upcoming version "OpenSSL 4.0". That way you can
    > avoid any confusion with SSL 3.0.

Integers are cheap.
And 4.0 is > 3.0, so (Open)SSL 4.0.0 must be better than SSL3.

--
]               Never tell me the odds!                 | ipv6 mesh networks [
]   Michael Richardson, Sandelman Software Works        |    IoT architect   [
]     mcr at sandelman.ca  http://www.sandelman.ca/        |   ruby on rails    [


More information about the openssl-users mailing list