[Info-vax] SSL V3
Arne Vajhøj
arne at vajhoej.dk
Wed Feb 16 09:00:56 EST 2022
On 2/16/2022 8:52 AM, Craig A. Berry wrote:
> On 2/16/22 7:31 AM, Arne Vajhøj wrote:
>> On 2/15/2022 10:56 PM, Dave Froble wrote:
>>> Just got an email from VSI, their version of SSL V3 is now available.
>>> This should be a good thing, bringing some of the latest SSL stuff to
>>> VMS.
>>
>> I assume OpenSSL software version 3.x and not SSL protocol version 3.0.
>>
>> OpenSSL 3.x is latest and greatest. SSL 3.0 is very much obsolete and
>> deprecated - only TLS 1.2 and 1.3 should be used - and obviously OpenSSL
>> 3.x support those.
>
> Yes, they are calling it OpenSSL v3.0-1, which presumably corresponds to
> OpenSSL 3.0.1. The product name is SSL3. Since binary compatibility is
> now guaranteed for anything with the same major version number, we
> should not have a repeat of the product naming madness that resulted in
> SSL111.
Retain open source name and VMSify version number from x.y.z to x.y-z is
all fine. No confusion.
I just wanted to ensure that everyone know the difference between
OpenSSL 3.x and SSL 3 - the SSL 3 protocol is banned everywhere
as insecure (or at least should be).
Arne
More information about the Info-vax
mailing list