Hi folks, We're thinking about dropping support in Tor for openssl 0.9.6.
(It appears that 0.9.6 was last patched in 2004, meaning it's probably quite insecure now.) Does anybody here still rely on it? Or do you know any common platforms that do? Speak up now if this matters to you. :) We'll probably do a two-stage deprecation, where in the first stage new Tors refuse to build with it but still accept connections to/from Tors that use it, and in the second stage we assume that it no longer exists anywhere. --Roger
