Hi Dirkjan,

On 09/24/2018 11:55 AM, Dirkjan Bussink wrote:
> Hi all,
>
> Given all the critical security issue and that you all were busy with that, I
> suspect this didn’t get much additional eyes. Now that that fix is out the
> door, I’m wondering if there’s any feedback or further input for the OpenSSL
> 1.1.1 patches I wrote?
>
> Cheers,
>
> Dirkjan
>
>> On 14 Sep 2018, at 14:28, Dirkjan Bussink <[email protected]> wrote:
>>
>> Hi all,
>>
>>> On 14 Sep 2018, at 14:15, Emmanuel Hocdet <[email protected]> wrote:
>>>
>>> It’s not necessary, BoringSSL and LibreSSL have, at best,
>>> OPENSSL_VERSION_NUMBER set to 1.1.0 for API compatibility.
>>
>> Looking at LibreSSL, it’s defining this (in their latest Git code):
>>
>> src/lib/libcrypto/opensslv.h:#define OPENSSL_VERSION_NUMBER 0x20000000L
>>
>> I also see this conditional used in other places to explicitly exclude
>> BoringSSL and LibreSSL, so that’s why I thought it would be needed here as
>> well.
>>
>> --
>> Cheers,
>>
>> Dirkjan
>

Seems good to me except for documentation:

Could you specify in the old "ciphers" description that this applies only for TLSv <= 1.2 (and add a ref to the new keyword for TLSv1.3)?

R,
Emeric

