>> making it build on >> older versions of OpenSSL.
> Is this important? I haven't followed this exactly, but isn't AES_SIV_CMAC > only available in bleeding edge (possibly not even released) OpenSSL? If so, > this is only going to be useful if you're willing to backport the > AES_SIV_CMAC and use it separately. That might be wise to do, though. Older, but not very old. I'm debugging on OpenSSL 1.1.1a which supports TLS1.3 but is not widely deployed yet. So far, older goes back as far as 1.0.1e which support TLS1.2 but doesn't have the fancy new API to set the min/max versions. But they do have a way to set "the" version which is all we need since we don't want anything before 1.2 and they don't support anything newer. In particular, Debian is on 1.1.0j which doesn't support 1.3 I don't plan to spend any time supporting ancient versions but it's only a few lines of code to make sure that older versions don't use pre 1.2 versions of SSL/TLS. Thanks for following closely enough to ask a good question. -- These are my opinions. I hate spam. _______________________________________________ devel mailing list devel@ntpsec.org http://lists.ntpsec.org/mailman/listinfo/devel
