On Thu, Jan 28, 2016 at 8:39 AM, Jakub Zelenka <bu...@php.net> wrote:
> I would like to bump a minimal OpenSSL version to 1.0.1 in our master. It > means dropping support for OpenSSL 0.9.8 and 1.0.0 in master. Both of these > versions are EOL as of 2015/12/31 and users should not use them. It will > help with maintainability (simplify code and testing) and porting to > OpenSSL 1.1.0. > > This would be just for master which means next minor version (7.1). We > already quickly discussed this in > https://www.mail-archive.com/internals@lists.php.net/msg80502.html some > time ago and I think that now is the right time to do that (before looking > to OpenSSL 1.1 compatibility). > > Are there any objections? No objection to the requirement. Perhaps we should "recommend" 1.0.1r+ and 1.0.2f+, because of security vulnerabilities in earlier versions: https://mta.openssl.org/pipermail/openssl-announce/2016-January/000058.html
