On Thu, 1 Oct 2015 09:25:42 -0400 Brian Evans wrote: > On 9/30/2015 5:40 PM, Andrew Savchenko wrote: > > > 2. Some old features are removed: > > https://en.wikipedia.org/wiki/LibreSSL#Added_features Most notably > > SSLv3 and MD5 support cancelled, while they are indeed not secure, > > some apps are likely still depend on them. > > My concern is if they remove the MD5 crypto functions.
According to their ChangeLog, they are already removed in the version 2.1.4: https://github.com/libressl-portable/portable/blob/53eacb360e1746c462cddbcbf81510a5b91c00db/ChangeLog "Dead and disabled code removal including MD5, Netscape workarounds, non-POSIX IO, SCTP, RFC 3779 support, many #if 0 sections, and more." However, md5 directory is still present in the code tree: http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/lib/libssl/src/crypto/md5/ I do not understand this. Best regards, Andrew Savchenko
pgpGcqWICtBww.pgp
Description: PGP signature
