by throw0101a 2167 days ago
> How does that work? How does anyone even approve it if it isn't going to be used?

How do you know it won't be used if it isn't put in in the first place?

1 comments

What kind of things are we talking about that someone would add to OpenSSL outside of its core functions?
Extensions to SSL, such as the SSL heartbeat extension (RFC 6520)... the one the Heartbleed bug was found in. Other cipher suites would be another example.

The criticism here is that OpenSSL wasn't particularly choosy about which features of SSL (or other crypto in general) it supported; it supported all of them, even if they were of more questionable utility.

The perils of being the reference implementation.