Current status of --enable-crypto

Daniel Franke dfoxfranke at gmail.com
Fri Jan 27 20:23:56 UTC 2017


Where is this notion coming from that OpenSSL is going to drop MD5 or SHA1
support any time soon? That's inconceivable to me.

On Jan 27, 2017 3:21 PM, "Eric S. Raymond" <esr at thyrsus.com> wrote:

> Mark Atwood <fallenpegasus at gmail.com>:
> > We do need to get wacking on the weeds on removing more of this thicket.
>
> Here are our constraints:
>
> * Daniel has stated that he prefers the OpenSSL implementations of MD5 and
>   SHA-1. He's our crypto expert, so he gets to make that call and I would
>   have no grounds to even argue with it.
>
> * We have beem warned that these might be removed from OpenSSL in the
>   unspecified future.
>
> * libsodium does not carry MD5 and SHA-1, and won't for the same reason
>   that they might be removed
>
> Therefore, here are our options:
>
> 1. Make OpenSSL a required library and remove the local MD5/SHA-1.  Daniel
> gets
>    his optimizations, I get to remove code, and all is happy unless the axe
>    falls and MD5/SHA-1 are removed from OpenSSL.
>
> 2. Do nothing.  OpenSSL remains optional and we're covered against OpenSSL
>    yanking those festures.
> --
>                 <a href="http://www.catb.org/~esr/">Eric S. Raymond</a>
> _______________________________________________
> devel mailing list
> devel at ntpsec.org
> http://lists.ntpsec.org/mailman/listinfo/devel
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ntpsec.org/pipermail/devel/attachments/20170127/40fff9e2/attachment.html>


More information about the devel mailing list