> 1.0.1t does not currently have a planned release date. Releases are > scheduled on an as-needed basis, typically (although not always) as a result > of security defects being discovered. We normally only announce a release > date for security fixes a few days in advance.
And note that 1.0.1 is on a security-fixes-only state. > > Disabling SSLv2 in a default build will break applications we have > > released that depended on SSLv2 by default like release 2.2.29 of > > Apache’s httpd. > > > > We can change our SSL build but would rather have fixes in an official > > release. Yes, we broke compatibility in our desire to make sure everyone was "safe" from the attack. Sorry about that; we'll fix it next time a security patch for 1.0.1 comes out. One approach is to look at the branch in our GIT repo's and cherry-pick the fix to your release for now. -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
