On Monday, 9 September 2013 at 08:34, Poul-Henning Kamp wrote: > And BTW: That XXX comment is 10 years old. > > No, I say with conviction, based on personal inspection and experience, > that OpenSSL is crap. > > And as Garrett Wollman correctly pointed out on twitter: It remains > yet to be seen if any implementation of SSL/TLS can be non-crap, > given that they are stuck with X.509.
And you're stuck with the old, vulnerable OpenSSL in your BMC, that old router you've never gotten around to replacing, etc. I'm no fan of the OpenSSL API either, but it is possible to fix vulnerabilities when they arise; the much bigger problem is the set of vulnerabilities that you can't patch. Jon -- Jonathan Anderson jonat...@freebsd.org _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscr...@freebsd.org"
