Christian Heimes <christian@xxxxxxxxxx> wrote:
> I'm concerned about the version number of the upcoming major release of
> OpenSSL. "OpenSSL 3.0" just sounds and looks way too close to "SSL 3.0".
> It took us more than a decade to teach people that SSL 3.0 is bad and
> should be avoided in favor of TLS. In my humble opinion, it's
> problematic and confusing to use "OpenSSL 3.0" for the next major
> version of OpenSSL and first release of OpenSSL with SSL 3.0 support.
You make a good point which I had not thought about, having exhumed SSLx.y
From my brain. +5
> You skipped version 2.0 for technical reasons, because (IIRC) 2.0 was
> used / reserved for FIPS mode. May I suggest that you also skip 3.0 for
> UX reasons and call the upcoming version "OpenSSL 4.0". That way you can
> avoid any confusion with SSL 3.0.
Integers are cheap.
And 4.0 is > 3.0, so (Open)SSL 4.0.0 must be better than SSL3.
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works | IoT architect [
] mcr@xxxxxxxxxxxx http://www.sandelman.ca/ | ruby on rails [
Attachment:
signature.asc
Description: PGP signature
