by duxup 2163 days ago
"dumping ground for their pet research projects, that are enabled by default, of course"

How does that work? How does anyone even approve it if it isn't going to be used?

Admittedly I'm out of the loop as far as contributing to such projects, maybe letting that stuff in is the norm?


> How does that work? How does anyone even approve it if it isn't going to be used?

How do you know it won't be used if it isn't put in in the first place?

What kind of things are we talking about that someone would add to OpenSSL outside of its core functions?
Extensions to SSL, such as the SSL heartbeat extension (RFC 6520)... the one the Heartbleed bug was found in. Other cipher suites would be another example.

The criticism here is that OpenSSL wasn't particularly choosy about which features of SSL (or other crypto in general) it supported; it supported all of them, even if they were of more questionable utility.

The perils of being the reference implementation.