Re: [exim-dev] [Bug 1895] Default groups for DH possibly backdoored
On Tue, Mar 19, 2019 at 02:43:04AM +, admin--- via Exim-dev wrote: > --- Comment #9 from Phil Pennock --- > IMO yes we're ready to drop support for older OpenSSL. We set a clear policy, > it's over a year (or two?) after that point, and other projects have adopted > similar policies. FWIW, Postfix 3.4, released a few weeks ago no longer supports OpenSSL versions prior to 1.0.2. Though folks on this list probably don't care, Postfix support covers and the current and 3 previous stable releases, so we're still supporting Postfix 3.1, 3.2 and 3.3 which build with older OpenSSL releases, all the way back to 0.9.7, but DANE support requires at least OpenSSL 1.0.0. So users who're stuck with OpenSSL 1.0.2 can continue to use it, with a slightly older Postfix release, until 3.4 becomes the oldest supported stable release. -- Viktor. -- ## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##
[exim-dev] [Bug 1895] Default groups for DH possibly backdoored
https://bugs.exim.org/show_bug.cgi?id=1895 --- Comment #9 from Phil Pennock --- IMO yes we're ready to drop support for older OpenSSL. We set a clear policy, it's over a year (or two?) after that point, and other projects have adopted similar policies. I haven't done anything to move us to the newer APIs. That LibreSSL doesn't support and doesn't like the cleaner configuration system of newer OpenSSL is a little off-putting. We've never formally said yes/no to supporting LibreSSL but de facto we have supported it simply as a result of the APIs being identical in the past, so we didn't need to care. But for the ability to load a DH param including q? Go for it! -- You are receiving this mail because: You are on the CC list for the bug. -- ## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##
