On 27/02/2019 19.53, Michael Richardson wrote: > > Christian Heimes <christian@xxxxxxxxxx> wrote: > > I'm concerned about the version number of the upcoming major release of > > OpenSSL. "OpenSSL 3.0" just sounds and looks way too close to "SSL 3.0". > > It took us more than a decade to teach people that SSL 3.0 is bad and > > should be avoided in favor of TLS. In my humble opinion, it's > > problematic and confusing to use "OpenSSL 3.0" for the next major > > version of OpenSSL and first release of OpenSSL with SSL 3.0 support. > > You make a good point which I had not thought about, having exhumed SSLx.y > From my brain. +5 > > > You skipped version 2.0 for technical reasons, because (IIRC) 2.0 was > > used / reserved for FIPS mode. May I suggest that you also skip 3.0 for > > UX reasons and call the upcoming version "OpenSSL 4.0". That way you can > > avoid any confusion with SSL 3.0. > > Integers are cheap. > And 4.0 is > 3.0, so (Open)SSL 4.0.0 must be better than SSL3. Thanks for your support! I have created PR https://github.com/openssl/openssl/pull/8367 to bump the version number to 4.0.0. Christian
Attachment:
signature.asc
Description: OpenPGP digital signature
