
OpenSSL 1.0.0 Released

hardaker writes "After over 11 years of development since the start of the OpenSSL Project (1998-12-23), OpenSSL version 1.0.0 has finally hit the shelves of the free-for-all store."

  • by Anonymous Coward on Monday March 29, 2010 @04:42PM (#31661966)

    Version 1.0 and I'm sure the docs are all outdated as they always have been. They really need to get their shit together when it comes to some decent documentation.

  • by Lunix Nutcase ( 1092239 ) on Monday March 29, 2010 @04:49PM (#31662044)

    Or monkeying with the random number generator.

  • Documentation (Score:5, Insightful)

    by Anonymous Coward on Monday March 29, 2010 @04:51PM (#31662068)

    openssl(1): [STILL INCOMPLETE]
    ssl(3): [STILL INCOMPLETE]
    crypto(3): [STILL INCOMPLETE]
    HOWTO: [STILL INCOMPLETE]

    I would trade in the last 12 months worth of OpenSSL development for some decent documentation. [STILL INCOMPLETE] is a half truth as well; the complete bits suck in novel ways.

  • by Cyclops ( 1852 ) <<rms> <at> <1407.org>> on Monday March 29, 2010 @04:59PM (#31662194) Homepage

    Or monkeying with the random number generator.

    After being ignored by arrogant dolts who didn't bother to correct him and guide him into providing a better fix.

  • by Lunix Nutcase ( 1092239 ) on Monday March 29, 2010 @05:03PM (#31662236)

    Then if you neither understand the code nor understand the effects your changes make to the code, you don't make the change. The fault squarely lies with the idiot monkeying around in places he shouldn't have.

  • Re:Geee! (Score:4, Insightful)

    by pushing-robot ( 1037830 ) on Monday March 29, 2010 @05:09PM (#31662322)

    To use the Packet Forensics box, a law enforcement or intelligence agency would have to install it inside an ISP, and persuade one of the Certificate Authorities — using money, blackmail or legal process — to issue a fake certificate for the targeted website. Then they could capture your username and password, and be able to see whatever transactions you make online.

    Granted, TFA states that a hacker could potentially circumvent the more difficult parts by using social engineering—registering a certificate that looks like it matches a particular web site and hoping surfers will manually accept it. But that's again a problem with the certificate authority and/or user, not SSL itself.

    All the article really boils down to is that SSL is useless if the client and server can't trust the certificate authority. Which should be freaking obvious.
