Current status of --enable-crypto

[Mark Atwood]

OpenSSL is not going to drop them anytime soon.  if/when they do, we can
add back inline support in better understood ways.

Daniel, if we make OpenSSL a requirement, can we drop libsodium?

Daniel, which rev of OpenSSL should we require?  (Not 0.9.x et al)

If/when we encounter a target without OpenSSL, we can add the complexity
back, but for now, we keep paring away.)

..m

On Fri, Jan 27, 2017 at 12:23 PM Daniel Franke <dfoxfranke at gmail.com> wrote:

> Where is this notion coming from that OpenSSL is going to drop MD5 or SHA1
> support any time soon? That's inconceivable to me.
>
> On Jan 27, 2017 3:21 PM, "Eric S. Raymond" <esr at thyrsus.com> wrote:
>
> Mark Atwood <fallenpegasus at gmail.com>:
> > We do need to get wacking on the weeds on removing more of this thicket.
>
> Here are our constraints:
>
> * Daniel has stated that he prefers the OpenSSL implementations of MD5 and
>   SHA-1. He's our crypto expert, so he gets to make that call and I would
>   have no grounds to even argue with it.
>
> * We have beem warned that these might be removed from OpenSSL in the
>   unspecified future.
>
> * libsodium does not carry MD5 and SHA-1, and won't for the same reason
>   that they might be removed
>
> Therefore, here are our options:
>
> 1. Make OpenSSL a required library and remove the local MD5/SHA-1.  Daniel
> gets
>    his optimizations, I get to remove code, and all is happy unless the axe
>    falls and MD5/SHA-1 are removed from OpenSSL.
>
> 2. Do nothing.  OpenSSL remains optional and we're covered against OpenSSL
>    yanking those festures.
> --
>                 <a href="http://www.catb.org/~esr/">Eric S. Raymond</a>
>
> _______________________________________________
> devel mailing list
> devel at ntpsec.org
> http://lists.ntpsec.org/mailman/listinfo/devel
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ntpsec.org/pipermail/devel/attachments/20170127/9b13cfca/attachment.html>