In message <[email protected]> on Tue, 17 Apr 2018 09:05:52 -0700, Daniel Kahn Gillmor <[email protected]> said:
dkg> On Mon 2018-04-16 08:22:59 +0200, Richard Levitte wrote:
dkg> > Generally speaking, I don't necessarily agree. If the use of an API
dkg> > is perfectly valid for the conditions a program was built for, and
dkg> > then suddenly breaks down because the new kid in town wanna play,
dkg> > I find it hard to call that mis-use. I would much rather have libssl
dkg> > do something along the lines of "oh, you're one of the old guys, let's
dkg> > use something that works for you".
dkg>
dkg> But if that's the only API semantics, then there's no way for my project
dkg> that depends on libssl to say "do the best thing you know how to do", so
dkg> that i can get benefits from a simple upgrade.

Depends on what "the best thing you know to do" is. In my mind, simply refusing to run as before because the new kid in town didn't like the environment (for example a cert that's perfectly valid for TLSv1.2 but invalid for TLSv1.3) it ended up in isn't "the best thing you know to do".

But I get you, your idea of "the best thing you know to do" is to run the newest protocol unconditionally unless the user / application says otherwise, regardless of if it's at all possible given the environment (like said cert).

--
Richard Levitte [email protected]
OpenSSL Project http://www.openssl.org/~levitte/
