On Tuesday 25 May 2010, Plüm, Rüdiger, VF-Group wrote: > While the pros sound promising this is a real strong con. > Especially as this would mean that 2.4 would not work with OpenSSL > < 1.0. The problem I see is that if you want to use other OS > provided libraries like openldap they have dependencies on the OS > provided OpenSSL and binding Apache against a different OpenSSL > version as these libraries are bound against looks like a big > problem if Apache is bound to them as well. > And building a whole stack of dependencies for Apache seems to be a > too large hurdle for me for adoption. > > So currently I would be -1 (vote not veto) on this.
I agree with Rüdiger, there are too many systems with older openssl around and upgrading only openssl is problematic. Would it make any sense to drop support for openssl < 0.9.8, or maybe 0.9.8m? Would that still lead to a significant simplification of the code?
