My plans, suggestions and whatever
Eric S. Raymond
esr at thyrsus.com
Fri Feb 8 22:22:50 UTC 2019
Gary E. Miller via devel <devel at ntpsec.org>:
> > I'm debugging on OpenSSL 1.1.1a which supports TLS1.3 but is not
> > widely deployed yet.
>
> For good reason. From their wiki:
>
> https://wiki.openssl.org/index.php/TLS1.3
>
> "The OpenSSL git master branch (and the 1.1.1-pre9 beta version)
> contain our development TLSv1.3 code which is based on the final
> version of RFC8446 and can be used for testing purposes (i.e. it is
> not for production use)."
>
> Note: "not for production use"
We probably can't ship with anything lower than 1.1.1b, anyway. Not
according to Martin Langer. And it's not out yet.
There are strategic reasons I don't have any problem saying we're not going to
support down-version libcrypto. I don't think Cisco will mind that, either.
--
<a href="http://www.catb.org/~esr/">Eric S. Raymond</a>
My work is funded by the Internet Civil Engineering Institute: https://icei.org
Please visit their site and donate: the civilization you save might be your own.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <https://lists.ntpsec.org/pipermail/devel/attachments/20190208/eaaa15cc/attachment.bin>
More information about the devel
mailing list