On Wed, May 2, 2012 at 7:27 PM, Gary Palmer <gpal...@freebsd.org> wrote:
> On Wed, May 02, 2012 at 11:45:27PM +0100, Matt Dawson wrote:
>> On Wednesday 02 May 2012 23:14:41 Mark Felder wrote:
>> > Why go out of your way and use mod_gnutls?
>>
>> Because it supports TLSv1.[1|2], which was the PP's question, whereas
>> OpenSSL doesn't and doesn't show any signs of doing so in the near
>> future:
>>
>> https://www.openssl.org/support/funding/wishlist.html
>>
>> Note well the "If and when."
>>
>> IE might be the only client with support for those protocols right now
>> but somebody has to lead the way on the server side or you end up with
>> a mutual apathy loop (AKA positive can't be arsed feedback loop).
>
> Their website is out of date. This is from CHANGES in OpenSSL 1.01a:
>
> Major changes between OpenSSL 1.0.0h and OpenSSL 1.0.1:
>
> o TLS/DTLS heartbeat support.
> o SCTP support.
> o RFC 5705 TLS key material exporter.
> o RFC 5764 DTLS-SRTP negotiation.
> o Next Protocol Negotiation.
> o PSS signatures in certificates, requests and CRLs.
> o Support for password based recipient info for CMS.
> o Support TLS v1.2 and TLS v1.1.
> o Preliminary FIPS capability for unvalidated 2.0 FIPS module.
> o SRP support.
>
> Note the 3rd last bullet point.

Another reason to update the version in FreeBSD to 1.0.1b.

_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security