9fans - fans of the OS Plan 9 from Bell Labs
 help / color / mirror / Atom feed
* [9fans] intent to delete: devssl, cpu, oexportfs, import
@ 2021-10-22 23:43 ori
  0 siblings, 0 replies; only message in thread
From: ori @ 2021-10-22 23:43 UTC (permalink / raw)
  To: 9fans

SSL 3.0 is implemented by devssl.  It has been broken
since the POODLE and BEAST attacks in 2014.

However: it's hard-coded in cpu(1), oexportfs(4), and
import(4) via a call to pushssl().  I don't think it's
possible to upgrade them and keep the the protocol

To use a working version of the TLS protocol, there's
going to have to be a clean break.  The SSL and TLS
record formats seem incompatible, and there's no
version negotiation in cpu.

9front already deprecated cpu/import, with rcpu and
rimport as replacements, so this only affects 9legacy
to 9front communication.

It'd be nice to keep things interoperable without

Is there a path forward that doesn't leave us dragging
along a broken, obsolete SSL version forever?

9fans: 9fans
Permalink: https://9fans.topicbox.com/groups/9fans/T45587a22bb317243-Md4aba3c3b058795195e54f3d
Delivery options: https://9fans.topicbox.com/groups/9fans/subscription

^ permalink raw reply	[flat|nested] only message in thread

only message in thread, other threads:[~2021-10-22 23:43 UTC | newest]

Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-10-22 23:43 [9fans] intent to delete: devssl, cpu, oexportfs, import ori

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).