OpenSSL 3.0 vs. SSL 3.0
Christian Heimes
christian at python.org
Thu Feb 28 10:04:55 UTC 2019
On 27/02/2019 19.53, Michael Richardson wrote:
>
> Christian Heimes <christian at python.org> wrote:
> > I'm concerned about the version number of the upcoming major release of
> > OpenSSL. "OpenSSL 3.0" just sounds and looks way too close to "SSL 3.0".
> > It took us more than a decade to teach people that SSL 3.0 is bad and
> > should be avoided in favor of TLS. In my humble opinion, it's
> > problematic and confusing to use "OpenSSL 3.0" for the next major
> > version of OpenSSL and first release of OpenSSL with SSL 3.0 support.
>
> You make a good point which I had not thought about, having exhumed SSLx.y
> From my brain. +5
>
> > You skipped version 2.0 for technical reasons, because (IIRC) 2.0 was
> > used / reserved for FIPS mode. May I suggest that you also skip 3.0 for
> > UX reasons and call the upcoming version "OpenSSL 4.0". That way you can
> > avoid any confusion with SSL 3.0.
>
> Integers are cheap.
> And 4.0 is > 3.0, so (Open)SSL 4.0.0 must be better than SSL3.
Thanks for your support!
I have created PR https://github.com/openssl/openssl/pull/8367 to bump
the version number to 4.0.0.
Christian
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20190228/106c604b/attachment.sig>
More information about the openssl-users
mailing list