Matthew Seaman wrote:
Stable/9, but this hasn't changed in 9.0-RELEASE:
worm:~:# /usr/bin/openssl version
OpenSSL 0.9.8q 2 Dec 2010
Matthew, why does FreeBSD continue to use an older version of OpenSSL
for the base system when a newer version is available? While I could
understand, even if not fully approve, the use of an older version in
the same major version, its continued use as the de facto standard in an
entirely new major version release is counterproductive. There have
been many improvements in the 1.x release of OpenSSL, so I fail to see
the logic of using the older version. If anything, they (the FreeBSD
developers) could keep this older version available in the ports system
and use the newer version as the default in the base system.
Unfortunately I can't answer that. I'm not in any position to decide
such things.
However I can hazard a guess at some of the possible reasons:
* openssl API changes between 0.9.x and 1.0.0 mean updating the
shlibs is not a trivial operation, and it was judged that the
benefits obtained from updating did not justify the effort.
* no one had any time to import the new version. There's plenty of
security-critical stuff depending on openssl, and making sure all
of that didn't suffer from any regressions is not a trivial job.
* simply that no one thought of doing the upgrade.
Actually there is something weird about openssl maintenance:
http://www.freebsd.org/cgi/query-pr.cgi?pr=bin/163951
I asked on the lists, bugged different people, and still can't get a clear
answer about this vulnerability.
You know I'm just not feeling safe with ECDSA keys...
--
Sphinx of black quartz judge my vow.
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"
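The thread compares the base-system OpenSSL (0.9.8q, per the quoted "openssl version" output) with the newer releases available from ports. As an added example, not code from the thread or from FreeBSD, the POSIX sh below parses "openssl version" lines and orders them the way OpenSSL numbers its releases (0.9.8q < 0.9.8z < 0.9.8za < 1.0.0), so the base and ports builds can be checked against a minimum. The version lines, the ports version and the minimum are constructed assumptions for illustration; on a real host feed it the output of /usr/bin/openssl version and /usr/local/bin/openssl version.

```shell
#!/bin/sh
# Added example: order OpenSSL version strings and check them against a minimum.
# The sample lines near the bottom are constructed; the base line mirrors the
# "OpenSSL 0.9.8q 2 Dec 2010" output quoted in the thread.

# Pull the version token out of an "openssl version" line:
# "OpenSSL 0.9.8q 2 Dec 2010" -> "0.9.8q"
openssl_version_token() {
    printf '%s\n' "$1" | awk '{ print $2 }'
}

# Rank a patch-letter suffix so that "" < "a" < ... < "z" < "za" < "zb",
# which is how OpenSSL letters its 0.9.8 and 1.0.x releases.
letter_rank() {
    s=$1
    rank=0
    while [ -n "$s" ]; do
        c=${s%"${s#?}"}                                  # first character of $s
        s=${s#?}                                         # drop it
        rank=$(( rank * 27 + $(printf '%d' "'$c") - 96 )) # 'a' -> 1 ... 'z' -> 26
    done
    echo "$rank"
}

# Turn "0.9.8q" or "1.0.0e" into one integer that sorts like OpenSSL versions do.
openssl_version_key() {
    ver=$1
    num=${ver%%[a-z]*}                       # numeric part, e.g. 0.9.8
    suffix=${ver#"$num"}                     # letter part, e.g. q (may be empty)
    major=${num%%.*}
    rest=${num#*.}
    minor=${rest%%.*}
    patch=${rest#*.}
    echo $(( ((major * 1000 + minor) * 1000 + patch) * 1000 + $(letter_rank "$suffix") ))
}

# Exit status 0 when version $1 is the same as or newer than version $2.
openssl_at_least() {
    [ "$(openssl_version_key "$1")" -ge "$(openssl_version_key "$2")" ]
}

# Constructed sample lines standing in for the two "openssl version" commands.
BASE_LINE='OpenSSL 0.9.8q 2 Dec 2010'       # what the thread shows for /usr/bin/openssl
PORTS_LINE='OpenSSL 1.0.0e 6 Sep 2011'      # hypothetical security/openssl port build
MINIMUM='1.0.0'                             # hypothetical policy: require the 1.0.x API

# Print whether the OpenSSL named in an "openssl version" line meets $MINIMUM.
report() {
    label=$1
    ver=$(openssl_version_token "$2")
    if openssl_at_least "$ver" "$MINIMUM"; then
        echo "$label: OpenSSL $ver meets minimum $MINIMUM"
    else
        echo "$label: OpenSSL $ver is older than $MINIMUM"
    fi
}

report base  "$BASE_LINE"
report ports "$PORTS_LINE"
```

The letter ranking matters because plain string or numeric comparison gets the 0.9.8 series wrong: "0.9.8za" must sort after "0.9.8z", and an unlettered "1.0.0" must sort before "1.0.0a".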