On 08/11/2018 13:21, Matt Caswell wrote:
> There are currently 5 PRs and 1 issue with the 1.1.1a milestone set
> against them.
>
> Of the 5 PRs, 3 are in the ready state:
>
> 7462: Test: link drbgtest statically against libcrypto
> 7437: rand_unix.c: open random devices on first use only
>
of this version should upgrade to
OpenSSL 1.1.1.
References
==
URL for this Security Advisory:
https://www.openssl.org/news/secadv/20181112.txt
Note: the online version of the advisory may be updated with additional details
over time.
For details of OpenSSL severity classifications please see
Between last time we discussed it and now, waiting seems to have been
prudent, as the TLS/QUIC interaction got significantly revamped.
The current QUIC drafts have TLS exporting key material and plaintext
handshake messages, with QUIC record protection used on the wire and not
TLS record
For those wanting to follow what's happening in QUIC space, this is a
good place to start: https://datatracker.ietf.org/wg/quic/about/
In message <20181112.113323.260349601387601601.levi...@openssl.org> on Mon, 12
Nov 2018 11:33:23 +0100 (CET), Richard Levitte said:
> QUIC was mentioned a
QUIC was mentioned a little more than a year ago. Since then, it
seems that the drafts have moved forward with quite some speed:
https://tools.ietf.org/html/draft-ietf-quic-transport-16
https://tools.ietf.org/html/draft-ietf-quic-tls-16
https://tools.ietf.org/html/draft-ietf-quic-recovery-16
