Will OpenSSL 1.0.1s be released?

Jan Holzhueter jh at opencsw.org
Wed May 4 10:21:10 CEST 2016


Am 29.04.16 um 21:28 schrieb David Hollenberg:
> Will the OpenSSL 1.0.1s package be released?
> I noticed that OpenSSL 1.0.1s has blocking bugs.  Looks like there is some
> concern that removal of SSL2 will break some things.
> We don't need 1.0.1s, but the OpenSSL project has announced version 1.0.1t
> to be released on May 3.  It has fixes for some high impact security bugs
> so we hope to get that version soon after it is released.

1.0.1t is in unstable now. And 1.0.1s in testing yesterday (bad timing :)
Sorry for the delay. With 1.0.1t they did the right thing which they
should have done in the first place. Not remove the sslv2 functions but
just return NULL if you disabled sslv2. So applications will not explode
crash or whatever. Just will not be able to start a session.
I will probably push 1.0.1t faster to testing as 1.0.1s is broken from
my point of view.


More information about the users mailing list