* [9fans] intent to delete: devssl, cpu, oexportfs, import
@ 2021-10-22 23:43 ori
0 siblings, 0 replies; only message in thread
From: ori @ 2021-10-22 23:43 UTC (permalink / raw)
SSL 3.0 is implemented by devssl. It has been broken
since the POODLE and BEAST attacks in 2014.
However: it's hard-coded in cpu(1), oexportfs(4), and
import(4) via a call to pushssl(). I don't think it's
possible to upgrade them and keep the the protocol
To use a working version of the TLS protocol, there's
going to have to be a clean break. The SSL and TLS
record formats seem incompatible, and there's no
version negotiation in cpu.
9front already deprecated cpu/import, with rcpu and
rimport as replacements, so this only affects 9legacy
to 9front communication.
It'd be nice to keep things interoperable without
Is there a path forward that doesn't leave us dragging
along a broken, obsolete SSL version forever?
Delivery options: https://9fans.topicbox.com/groups/9fans/subscription
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2021-10-22 23:43 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-10-22 23:43 [9fans] intent to delete: devssl, cpu, oexportfs, import ori
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).