On Thursday 03 May 2012 00:27:51 Gary Palmer wrote: > Their website is out of date.
As its primary public-facing information portal, I'm tempted to say that's an important priority to get right. Yes, volunteer project, etc, but the BSD way of doing things is to choose the tool for the job. All the visible information available at the time said OpenSSL wasn't it. I'm still wondering (and will read the blessed changelog this time) if mod_ssl is at this point since it'll need to expose the new functionality to httpd. > This is from CHANGES in OpenSSL > 1.01a: > > Major changes between OpenSSL 1.0.0h and OpenSSL 1.0.1: > > o TLS/DTLS heartbeat support. > o SCTP support. > o RFC 5705 TLS key material exporter. > o RFC 5764 DTLS-SRTP negotiation. > o Next Protocol Negotiation. > o PSS signatures in certificates, requests and CRLs. > o Support for password based recipient info for CMS. > o Support TLS v1.2 and TLS v1.1. > o Preliminary FIPS capability for unvalidated 2.0 FIPS > module. o SRP support. > > Note the 3rd last bullet point. Again, an important piece of news to be hidden in a changelog. Although I made an arse of myself by not knowing that, it could be a little clearer. Thanks for the correction. -- Matt Dawson GW0VNR MTD15-RIPE _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscr...@freebsd.org"
