On Fri, Mar 16, 2018 at 7:57 AM, Stefan Eissing <[email protected]> wrote: > Hi Rainer, > > thanks for solving this issue. The version check indeed was missing. I do not > think supporting ACME on servers with such old OpenSSL is really something to > strive for. I'd have settled for a check von 1.0.2 even. If your changed > check makes it working for 1.0.1 also, that's fine. > > My (a tad philosophical) point of view is that security on the public network > is only achievable and *maintainable* by ever moving forward to the lastest, > best efforts of the community. If you stick on version, even if that worked > fine at the time, you'll get owned. > > Again, 2.4.x promises support for 0.9.8a+, so the check was missing. Maybe > this is a reason for a 2.6.x that is a re-vamped 2.4.x but with a revisited > baseline? Without mpm-prefork, http/0.9 and other cruft? A man can dream...
2.6 aside, should we just pick a date that openssl < 1.0.1 (or whatever) compat will be dropped from 2.4 and add it to the announcement template/website? I don't think we're ultimately doing anyone favors here.
