On Wed, 2012-04-25 at 10:35 +0200, Andy Polyakov via RT wrote: 
> more secure protocols. Trade-off. As a 1.0.0 application is not in a
> position to expect anything above TLS1.0, the trade-off can as well be
> resolved in favor of interoperability. Note that there is no such
> trade-off in the 1.0.1 application context, because 1.0.1 SSL_OP_ALL won't
> disable protocols above TLS1.0.

I'd be in favor of moving the SSL_OP_NO_TLSv1_1 out of SSL_OP_ALL as of
1.0.0, as an application should not in general really care against which
openssl version _with stable ABI_ it is linked. And the capabilities
should be defined by the underlying installed library version and not
the version it was built against. Of course, in case the application
needs to refer to API additions for the new functionality the situation
is different, but that is not the case for TLS1.1.
-- 
Tomas Mraz
No matter how far down the wrong road you've gone, turn back.
                                              Turkish proverb


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majord...@openssl.org
