On Tue, Jan 29, 2019 at 01:27:24PM -0600, David Benjamin wrote:
> I think one clear conclusion from this incident is that this sort of
> low-level API should be avoided, or people will use them in finicky ways
> that break unexpectedly when you change things. Better defer such
> mechanisms to when concrete use cases come up, and then implement direct
> APIs for those use cases, like SSL_OP_NO_RENEGOTIATION.

I have to agree to that.


openssl-project mailing list

Reply via email to