Oops. Derp derp... On 3 Aug 2014 17:53, "Philip Guenther" <[email protected]> wrote:
> On Sun, Aug 3, 2014 at 11:07 AM, Bob Beck <[email protected]> wrote: > >> Security problems: CRIME, BREACH, and other crud. Compression was >> slapped into TLS without any thought to the consequences or side >> effects. - effecively doing this in TLS should not be considered a >> mature protocol, and nobody who takes security seriously should >> use that until it is - if ever. > > > Uh, wrong expansion of CMS, Bob. CMS in this context means Cryptographic > Message Syntax, the extension/generalization/evolution of the S/MIME syntax > and, in the openssl CLI, its own command. > > So, why is CMS turned off in libressl? Because it was disabled in the > openssl that had been imported at some point and no one ever pushed for > turning it on. I've tossed it on my TODO list to review and fix the code > and enable it; we'll see if someone beats me to that... > > > Philip Guenther > >
