Anything in this story of concern?

Jonathan Anderson jonathan at FreeBSD.org
Mon Sep 9 12:35:05 UTC 2013


On Monday, 9 September 2013 at 08:34, Poul-Henning Kamp wrote:
> And BTW: That XXX comment is 10 years old.
> 
> No, I say with conviction, based on personal inspection and experience,
> that OpenSSL is crap.
> 
> And as Garrett Wollman correctly pointed out on Twitter: It remains
> yet to be seen if any implementation of SSL/TLS can be non-crap,
> given that they are stuck with X.509.


And you're stuck with the old, vulnerable OpenSSL in your BMC, that old router you've never gotten around to replacing, etc. I'm no fan of the OpenSSL API either, but it is possible to fix vulnerabilities when they arise; the much bigger problem is the set of vulnerabilities that you can't patch.


Jon
-- 
Jonathan Anderson
jonathan at FreeBSD.org




More information about the freebsd-security mailing list