Dropping support for openssl 0.9.6?
Roger Dingledine
arma at mit.edu
Thu Oct 25 16:18:07 UTC 2007
Hi folks,
We're thinking about dropping support in Tor for openssl 0.9.6.
(It appears that 0.9.6 was last patched in 2004, meaning it's probably
quite insecure now.)
Does anybody here still rely on it? Or do you know any common platforms
that do? Speak up now if this matters to you. :)
We'll probably do a two-stage deprecation, where in the first stage
new Tors refuse to build with it but still accept connections to/from
Tors that use it, and in the second stage we assume that it no longer
exists anywhere.
--Roger
More information about the tor-talk
mailing list