Date: Sun, 3 May 2015 17:44:39 +0000 From: Matthew Finkel Matthew.Finkel@gmail.com …
Another disadvantage of this is PSS wasn't implemented in openssl's apps until 1.0.1. I wonder how many relays are running on servers which are still using openssl 0.9.8 (and 1.0.0?). For these servers we can fallback on pkcs#1 v1.5 signatures.
OS X still ships with OpenSSL 0.9.8 by default.
But Darwin is such a small fraction of the network, and it's less likely that a Darwin server would push enough data to get a t-shirt unless it had an OpenSSL version with aes-ni.
teor
teor2345 at gmail dot com pgp 0xABFED1AC https://gist.github.com/teor2345/d033b8ce0a99adbc89c5
teor at blah dot im OTR D5BE4EC2 255D7585 F3874930 DB130265 7C9EBBC7