OpenSSL and Heimdal
Matt Dawson
matt at chronos.org.uk
Thu May 3 08:32:08 UTC 2012
On Thursday 03 May 2012 00:27:51 Gary Palmer wrote:
> Their website is out of date.
As its primary public-facing information portal, I'm tempted to say
that's an important priority to get right. Yes, volunteer project,
etc, but the BSD way of doing things is to choose the tool for the
job. All the visible information available at the time said OpenSSL
wasn't it. I'm still wondering (and will read the blessed changelog
this time) if mod_ssl is at this point since it'll need to expose the
new functionality to httpd.
> This is from CHANGES in OpenSSL
> 1.01a:
>
> Major changes between OpenSSL 1.0.0h and OpenSSL 1.0.1:
>
> o TLS/DTLS heartbeat support.
> o SCTP support.
> o RFC 5705 TLS key material exporter.
> o RFC 5764 DTLS-SRTP negotiation.
> o Next Protocol Negotiation.
> o PSS signatures in certificates, requests and CRLs.
> o Support for password based recipient info for CMS.
> o Support TLS v1.2 and TLS v1.1.
> o Preliminary FIPS capability for unvalidated 2.0 FIPS module.
> o SRP support.
>
> Note the 3rd last bullet point.
Again, an important piece of news to be hidden in a changelog.
Although I made an arse of myself by not knowing that, it could be a
little clearer. Thanks for the correction.
--
Matt Dawson
GW0VNR
MTD15-RIPE