OpenSSL dependency update

Brad Hards bradh at frogmouth.net
Tue Mar 14 06:28:41 GMT 2006


On Monday 13 March 2006 20:55 pm, George Staikos wrote:
> On Sunday 12 March 2006 05:03, Brad Hards wrote:
> > On Friday 10 March 2006 01:14 am, George Staikos wrote:
> > > For KDE 4 I would like to start requiring a minimum of OpenSSL 0.9.9.
> > > This is for several reasons, but most importantly:
> > > 1) Support of the servername extension
> >
> > This is from RFC3546, right?
>
>   Something like that.  I am offline right now so I can't check, but it
> sounds right.
I'll take a look. Doesn't seem too hard - gnutls can do it, and I think NSS 
can do it too. Any other extensions from RFC3546 that are important to you?

> > > 2) Many security fixes since our last minimum requirement
> >
> > This won't be such an issue with QCA, I hope - the ability to update the
> > providers without causing any compatibility problems is a major goal.
>
>   Although it will require a recompile due to OpenSSL's ever-changing ABI.
Only the provider - all the apps should be just fine...

> > > Any objections with reason?
> >
> > Only that I'd like to see it formally released. That changelog link
> > appears to be for HEAD, but doesn't look to have been done as a release
> > yet.
>
>   Sorry, I thought that was implied.  I will for sure wait until it's
> officially released.
I will be working off a snapshot release in the mean time.

I do have one more question. Is SSLv2 important to you? Any objections to not 
supporting it at all (i.e. never used, no access to it) in QCA? I'm liking 
the idea of only doing SSLv3, TLS and DTLS, but if there is a need we can 
keep SSLv2.

Brad
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://mail.kde.org/pipermail/kde-core-devel/attachments/20060314/4f0bae3e/attachment.sig>


More information about the kde-core-devel mailing list