OpenSSL dependency update
Brad Hards
bradh at frogmouth.net
Tue Mar 14 06:28:41 GMT 2006
On Monday 13 March 2006 20:55 pm, George Staikos wrote:
> On Sunday 12 March 2006 05:03, Brad Hards wrote:
> > On Friday 10 March 2006 01:14 am, George Staikos wrote:
> > > For KDE 4 I would like to start requiring a minimum of OpenSSL 0.9.9.
> > > This is for several reasons, but most importantly:
> > > 1) Support of the servername extension
> >
> > This is from RFC3546, right?
>
> Something like that. I am offline right now so I can't check, but it
> sounds right.
I'll take a look. Doesn't seem too hard - gnutls can do it, and I think NSS
can do it too. Any other extensions from RFC3546 that are important to you?
> > > 2) Many security fixes since our last minimum requirement
> >
> > This won't be such an issue with QCA, I hope - the ability to update the
> > providers without causing any compatibility problems is a major goal.
>
> Although it will require a recompile due to OpenSSL's ever-changing ABI.
Only the provider - all the apps should be just fine...
> > > Any objections with reason?
> >
> > Only that I'd like to see it formally released. That changelog link
> > appears to be for HEAD, but doesn't look to have been done as a release
> > yet.
>
> Sorry, I thought that was implied. I will for sure wait until it's
> officially released.
I will be working off a snapshot release in the mean time.
I do have one more question. Is SSLv2 important to you? Any objections to not
supporting it at all (i.e. never used, no access to it) in QCA? I'm liking
the idea of only doing SSLv3, TLS and DTLS, but if there is a need we can
keep SSLv2.
Brad
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://mail.kde.org/pipermail/kde-core-devel/attachments/20060314/4f0bae3e/attachment.sig>
More information about the kde-core-devel
mailing list