openssl from ports

Matthew Seaman m.seaman at
Sat Mar 3 12:49:31 UTC 2012

On 03/03/2012 12:19, Jerry wrote:
> On Fri, 02 Mar 2012 23:43:32 +0000
> Matthew Seaman articulated:
>> Stable/9, but this hasn't changed in 9.0-RELEASE:
>> worm:~:# /usr/bin/openssl version
>> OpenSSL 0.9.8q 2 Dec 2010
> Matthew, why does FreeBSD continue to use an older version of OPENSSL
> for the base system when a newer version is available? While I could
> understand, even if not fully approve the use of an older version in
> the same major version, its continues use as the de facto standard in an
> entirely new major version release is counter productive. There have
> been many improvements in the 1.x release of OPENSSL so I fail to see
> the logical use of the older version. If anything, they (the FreeBSD
> developers) could keep this older version available in the ports system
> and use the newer version as the default in the base system.

Unfortunately I can't answer that.  I'm not in any position to decide
such things.

However I can hazard a guess at some of the possible reasons:

   * openssl API changes between 0.9.x and 1.0.0 mean updating the
     shlibs is not a trivial operation, and it was judged that the
     benefits obtained from updating did not justify the effort.

   * no one had any time to import the new version.  There's plenty of
     security-critical stuff depending on openssl, and making sure all
     of that didn't suffer from any regressions is not a trivial job.

   * simply that no one thought of doing the upgrade.



Dr Matthew J Seaman MA, D.Phil.                   7 Priory Courtyard
                                                  Flat 3
PGP:     Ramsgate
JID: matthew at               Kent, CT11 9PW

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 267 bytes
Desc: OpenPGP digital signature
Url :

More information about the freebsd-questions mailing list