Slashdot Mirror


OpenSSL 1.0.0 Released

hardaker writes "After over 11 years of development since the start of the OpenSSL Project (1998-12-23), OpenSSL version 1.0.0 has finally hit the shelves of the free-for-all store."

3 of 105 comments

  1. Documentation by Anonymous Coward · Score: 5, Insightful

    openssl(1): [STILL INCOMPLETE]
    ssl(3): [STILL INCOMPLETE]
    crypto(3): [STILL INCOMPLETE]
    HOWTO: [STILL INCOMPLETE]

    I would trade in the last 12 months worth of OpenSSL development for some decent documentation. [STILL INCOMPLETE] is a half truth as well; the complete bits suck in novel ways.

  2. Re:You insensitive clod... by Cyclops · Score: 3, Insightful

    Or monkeying with the random number generator.

    After being ignored by arrogant dolts who didn't bother to correct him and guide him into providing a better fix.

  3. Re:Geee! by pushing-robot · Score: 3, Insightful

    To use the Packet Forensics box, a law enforcement or intelligence agency would have to install it inside an ISP, and persuade one of the Certificate Authorities — using money, blackmail or legal process — to issue a fake certificate for the targeted website. Then they could capture your username and password, and be able to see whatever transactions you make online.

    Granted, TFA states that a hacker could potentially circumvent the more difficult parts by using social engineering—registering a certificate that looks like it matches a particular web site and hoping surfers will manually accept it. But that's again a problem with the certificate authority and/or user, not SSL itself.

    All the article really boils down to is that SSL is useless if the client and server can't trust the certificate authority. Which should be freaking obvious.

    --
    How can I believe you when you tell me what I don't want to hear?