Will OpenSSL 1.0.1s be released?

CMH chouck at binghamton.edu
Wed May 4 16:07:58 CEST 2016


We/I/us have been complying newest openssl source on our physical 
solaris servers for some time with great success.

On 05/04/2016 04:21 AM, Jan Holzhueter wrote:
> Hi,
>
> Am 29.04.16 um 21:28 schrieb David Hollenberg:
>> Will the OpenSSL 1.0.1s package be released?
>>
>> I noticed that OpenSSL 1.0.1s has blocking bugs.  Looks like there is some
>> concern that removal of SSL2 will break some things.
>>
>> We don't need 1.0.1s, but the OpenSSL project has announced version 1.0.1t
>> to be released on May 3.  It has fixes for some high impact security bugs
>> so we hope to get that version soon after it is released.
> 1.0.1t is in unstable now. And 1.0.1s in testing yesterday (bad timing :)
> Sorry for the delay. With 1.0.1t they did the right thing which they
> should have done in the first place. Not remove the sslv2 functions but
> just return NULL if you disabled sslv2. So applications will not explode
> crash or whatever. Just will not be able to start a session.
> I will probably push 1.0.1t faster to testing as 1.0.1s is broken from
> my point of view.
>
> Greetings
> Jan
>
>

-- 
ITS Systems @ TTH
Craig M. Houck ><>
204B - 607 777 6827
We are only as good as the problems we solve.



More information about the users mailing list