> -----Original Message----- > From: Frank de Brabander [mailto:braban...@fox-it.com] > Sent: donderdag 7 juni 2012 11:36 > To: Samuli Seppänen; openvpn-devel@lists.sourceforge.net > Subject: Re: [Openvpn-devel] PolarSSL 1.1.0 support? > > Maybe this should actually be changed to >= 1.1.2, since there is a > security issue with versions from 0.99-pre4 up to and including > PolarSSL 1.1.1. >
The trouble there is that some distro's tend to only backport the security patches, and not the version patches. This would throw an extra obstacle in their way. Is it really our responsibility to verify that you are using a secure version of an SSL library? Adriaan
