Viktor Dukhovni wrote:
> On Thu, Oct 22, 2015 at 06:40:25PM +0000, Salz, Rich wrote:
>>>
>>> Most applications want a simple API that hides all the complexities of
>>> TLS. If OpenSSL had done that, then it would be easy to see how enabling
>>> 1.2 won't cause problems for those apps which said "you take care of it".
>>
>> As someone with a long history of building, influencing, and using libraries
>> and their API's, this is not easy.
>
> Binary compatibility is difficult, and requires maintaining legacy
> versions of interfaces with cross-platform symbol versioning and
> related magic that transcends the release engineering cycles
> available to OpenSSL at this time.

Binary compatibility is actually fairly easy. We've been providing it for several APIs on several platforms for the last 20 years.

What is a pain in the butt is backwards-incompatible _specifications_. TLSv1.2 contains a few places of severe breakage, and dealing with these in a backwards-compatible fashion is what is difficult.

-Martin

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls