On Sun, Jun 01, 2014 at 07:47:30PM +0200, Dr. Stephen Henson wrote:
> > Thanks. In particular, since SSL_OP_ALL is a compile-time constant,
> > applications compiled with older releases will not send the extension
> > by default. Only applications compiled against 1.0.1g or later
> > that use SSL_OP_ALL, or specifically enable this work-around, will
> > send the extension.
>
> Actually it currently reuses an obsolete bit of SSL_OP_ALL so any existing
> application setting SSL_OP_ALL will use it. That's not set in stone and we do
> have a spare bit.
Repurposing bits in this way is problematic if that bit meant something else
in any OpenSSL-1.x.y release (notional ABI). If the bit is from 0.9.x, and
was never used in 1.x.y, then it is OK.
I think it is actually a feature for older apps to not by default
enable some feature that they have no way to disable.
--
Viktor.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List