Slashdot Mirror

← Back to Stories (view on slashdot.org)

OpenSSL 1.0.2 Released

Posted by timothy on from the early-days dept.

kthreadd writes The OpenSSL project has released its second feature release of the OpenSSL 1.0 series, version 1.0.2 which is ABI compatible with the 1.0.0 and 1.0.1 series. Major new features in this release include Suite B support for TLS 1.2 and DTLS 1.2 and support for DTLS 1.2. selection. Other major changes include TLS automatic EC curve selection, an API to set TLS supported signature algorithms and curves, the SSL_CONF configuration API, support for TLS Brainpool, support for ALPN and support for CMS support for RSA-PSS, RSA-OAEP, ECDH and X9.42 DH.

7 of 97 comments (clear)

  1. libressl-2.1.3 by Anonymous Coward · · Score: 2, Informative

    libressl-2.1.3.tar.gz 21-Jan-2015 2.7M. For you non Open BSD users: portability wrappers. Full Source.

    1. Re:libressl-2.1.3 by armanox · · Score: 5, Informative

      Actually, libressl supports OS X and HP-UX as well. Some groundwork is in place for supporting AIX and IRIX (I no longer have access to AIX to continue porting, and I'm not sure IRIX will ever work right). If you really wanted it to work with MSVC, you could write, test, and propose the patches to make it work. I'm all for eliminating GCCisms (the areas I've been poking at the code I'm not trying to eliminate GCCisms, not my priority).

      --
      I'm starting to think GNU is the problem with "GNU/Linux" these days.
  2. Obligatory reminder that an alternative exists by Rinisari · · Score: 2, Informative

    http://www.libressl.org/

    --
    Colin Dean Go a year without DRM
    1. Re:Obligatory reminder that an alternative exists by Aethedor · · Score: 4, Informative

      Why start with something bad to make something good. If you want a good SSL library, try PolarSSL. It's a quite unknown, but great library. Unlike OpenSSL, this one has good documentation. The Hiawatha webserver uses it and it easily gives me an A+ score at SSL labs.

      --
      It doesn't have to be like this. All we need to do is make sure we keep talking.
    2. Re:Obligatory reminder that an alternative exists by TechyImmigrant · · Score: 5, Informative

      We tried contacting the PolarSSL developers about contributing code to fix their random number problem. No response. No random numbers -> no security.

      No matter what the security problem, it's always the random numbers, or lack thereof that is the problem.

      --
      I should use this sig to advertise my book ISBN-13 : 978-1501515132.
    3. Re:Obligatory reminder that an alternative exists by ArchieBunker · · Score: 2, Informative

      SSL is broken anyhow. The feds have all the top level keys and can listen with impunity.

      --
      Only the State obtains its revenue by coercion. - Murray Rothbard
    4. Re:Obligatory reminder that an alternative exists by Antique+Geekmeister · · Score: 4, Informative

      You _can_ do so, but the hardcoded reliance on the master signature authorities in nearly every popular software tool makes such efforts problematic. It's exceedingly difficult to _excise_ these master keys, or to display them as "not trusted due to federal key access", without breaking many tools.