httpd-dev mailing list archives

From "William A. Rowe, Jr." <wr...@rowe-clan.net>
Subject RE: [PATCH] openssl versions?
Date Thu, 13 Mar 2003 06:31:37 GMT
At 12:06 AM 3/13/2003, MATHIHALLI,MADHUSUDAN (HP-Cupertino,ex1) wrote:
>- Regarding the SSL-C version, I've tried using with both 2.1 and 2.3 (I
>definitely prefer 2.3). The reason I put 2.1 is to enable all those users
>with 2.1 to get mod_ssl to work. If you think it's a waste of time, I'd be
>happy to force 2.3 [Does anybody know if SSL-C had security problems in
>versions < 2.3. I thought it had, but I'm totally unaware of it]

Yes - all the way back.  They provided patches for the older versions,
but RSA seems to be less and less enthusiastic about patching the 
ancient 2001 and prior releases, e.g. 1.2/1.3.

I'd be happy to see us support the '2.0 generation' - if we focus on
2.3, yet provide mechanics to deal with the fixups to 2.1/2.2 and
maybe even 2.0, then I'd be happy with that.  But SSL-C 2.0 and
later were altogether different from the 1.x families, and even those
more recent bumps are definitely still 'speed bumps' to supporting
all the flavors under our toolkit.

Anyways, nice patch - I'd prefer if you would follow the "Fix One Thing"
rule of committing this patch; e.g. take it back apart and have each
commit labeled as to its single purpose.  But at least here, I'm +1 for this
to go into 2.1-dev and I'll help continue to review/improve it in-tree.  I'd be
a very strong -1 for these changes in 2.0-dev until we collectively agree, 
with certainty, that 'it just works' across the OpenSSL and SSL-C versions
we choose to support.

As far as 2.1 -> 2.0, I'd like to see the build hang around one month with
no ill reports before we try backporting the changes, all in one pass, back
to 2.0-dev.

Bill


