We/I/us have been complying newest openssl source on our physical
solaris servers for some time with great success.
On 05/04/2016 04:21 AM, Jan Holzhueter wrote:
Hi,
Am 29.04.16 um 21:28 schrieb David Hollenberg:
Will the OpenSSL 1.0.1s package be released?
I noticed that OpenSSL 1.0.1s has blocking bugs. Looks like there is some
concern that removal of SSL2 will break some things.
We don't need 1.0.1s, but the OpenSSL project has announced version 1.0.1t
to be released on May 3. It has fixes for some high impact security bugs
so we hope to get that version soon after it is released.
1.0.1t is in unstable now. And 1.0.1s in testing yesterday (bad timing :)
Sorry for the delay. With 1.0.1t they did the right thing which they
should have done in the first place. Not remove the sslv2 functions but
just return NULL if you disabled sslv2. So applications will not explode
crash or whatever. Just will not be able to start a session.
I will probably push 1.0.1t faster to testing as 1.0.1s is broken from
my point of view.
Greetings
Jan
--
ITS Systems @ TTH
Craig M. Houck ><>
204B - 607 777 6827
We are only as good as the problems we solve.
