OpenSSL STATUS Last modified at
- ______________ $Date: 2002/03/11 09:36:04 $
+ ______________ $Date: 2002/04/25 07:52:07 $
DEVELOPMENT STATE
NEEDS PATCH
- o An (optional) countermeasure against the predictable-IV CBC
- weakness in SSL/TLS should be added; see
- http://www.openssl.org/~bodo/tls-cbc.txt
+ o parameters should be omitted (not NULL) with id-dsa-with-sha1 OID
+ in X.509 signatures
+
+ o inappropriate AlgorithmIdentifier used in S/MIME signatures
+ (key type instead of signature algorithm)
+
+ o AES ciphersuites are not (yet) official and should not be enabled
+ unless explicitly requested
o apps/ca.c: "Sign the certificate?" - "n" creates empty certificate file
OPEN ISSUES
+ o Do we want the EVP API changes in 0.9.7?
+ Can compatibility be improved?
+
o The Makefile hierarchy and build mechanism is still not a round thing:
1. The config vs. Configure scripts