On Sat, Aug 22, 2015 at 07:37:47AM -0700, Alice Wonder wrote:
> >If they really wanted to make a difference, they'd send patches,
> >not fork the project. I've seen very little by way of upstream
> >contributions.
> >
>
> One of the reasons they forked is because there were issue WITH PATCHES in
> the OpenSSL bug database that were not addressed for several years.
That was "then", things are different now. We'll see how 1.1.0 is
received. Though there'll still be lots of work to do for a while.
Google's BoringSSL is also a fork, but they're also contributing
to OpenSSL.
Anyway, bottom-line is that for now LibreSSL is too bleeding edge
for use with SMTP (and in particular Postfix).
Speaking of OpenSSL 1.1.0, that'll come out early next year. In
that version:
*) SSLv2 support has been removed. It still supports receiving a SSLv2
compatible client hello.
[Kurt Roeckx]
Which solves the problem in a more compatible way.
--
Viktor.
