Re: OpenSSL and Heimdal

On Wed, May 02, 2012 at 11:45:27PM +0100, Matt Dawson wrote:
> On Wednesday 02 May 2012 23:14:41 Mark Felder wrote:
> > Why go out of your way and use mod_gnutls?
> 
> Because it supports TLSv1.[1|2], which was the PP's question, whereas 
> OpenSSL doesn't and doesn't show any signs of doing so in the near 
> future:
> 
> https://www.openssl.org/support/funding/wishlist.html
> 
> Note well the "If and when."
> 
> IE might be the only client with support for those protocols right now 
> but somebody has to lead the way on the server side or you end up with 
> a mutual apathy loop (AKA positive can't be arsed feedback loop).

Their website is out of date.  This is from CHANGES in OpenSSL 1.01a:

  Major changes between OpenSSL 1.0.0h and OpenSSL 1.0.1:

      o TLS/DTLS heartbeat support.
      o SCTP support.
      o RFC 5705 TLS key material exporter.
      o RFC 5764 DTLS-SRTP negotiation.
      o Next Protocol Negotiation.
      o PSS signatures in certificates, requests and CRLs.
      o Support for password based recipient info for CMS.
      o Support TLS v1.2 and TLS v1.1.
      o Preliminary FIPS capability for unvalidated 2.0 FIPS module.
      o SRP support.

Note the 3rd last bullet point.

Regards,

Gary

_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"