Current status of --enable-crypto
Daniel Franke
dfoxfranke at gmail.com
Fri Jan 27 20:23:56 UTC 2017
Where is this notion coming from that OpenSSL is going to drop MD5 or SHA1
support any time soon? That's inconceivable to me.
On Jan 27, 2017 3:21 PM, "Eric S. Raymond" <esr at thyrsus.com> wrote:
> Mark Atwood <fallenpegasus at gmail.com>:
> > We do need to get wacking on the weeds on removing more of this thicket.
>
> Here are our constraints:
>
> * Daniel has stated that he prefers the OpenSSL implementations of MD5 and
> SHA-1. He's our crypto expert, so he gets to make that call and I would
> have no grounds to even argue with it.
>
> * We have beem warned that these might be removed from OpenSSL in the
> unspecified future.
>
> * libsodium does not carry MD5 and SHA-1, and won't for the same reason
> that they might be removed
>
> Therefore, here are our options:
>
> 1. Make OpenSSL a required library and remove the local MD5/SHA-1. Daniel
> gets
> his optimizations, I get to remove code, and all is happy unless the axe
> falls and MD5/SHA-1 are removed from OpenSSL.
>
> 2. Do nothing. OpenSSL remains optional and we're covered against OpenSSL
> yanking those festures.
> --
> <a href="http://www.catb.org/~esr/">Eric S. Raymond</a>
> _______________________________________________
> devel mailing list
> devel at ntpsec.org
> http://lists.ntpsec.org/mailman/listinfo/devel
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ntpsec.org/pipermail/devel/attachments/20170127/40fff9e2/attachment.html>
More information about the devel
mailing list