On Sun, Aug 3, 2014 at 11:07 AM, Bob Beck <[email protected]> wrote: > Security problems: CRIME, BREACH, and other crud. Compression was > slapped into TLS without any thought to the consequences or side > effects. - effecively doing this in TLS should not be considered a > mature protocol, and nobody who takes security seriously should > use that until it is - if ever.
Uh, wrong expansion of CMS, Bob. CMS in this context means Cryptographic Message Syntax, the extension/generalization/evolution of the S/MIME syntax and, in the openssl CLI, its own command. So, why is CMS turned off in libressl? Because it was disabled in the openssl that had been imported at some point and no one ever pushed for turning it on. I've tossed it on my TODO list to review and fix the code and enable it; we'll see if someone beats me to that... Philip Guenther
