OpenSSL
Ned Deily
nad at acm.org
Tue Apr 8 13:06:49 PDT 2014
In article <1496567.dPnP996dF6 at patux>,
Rene J.V. Bertin <rjvbertin at gmail.com> wrote:
> On Monday April 07 2014 23:58:37 Ned Deily wrote:
> > Don't even think of that! First, as you may know, most Apple-supplied
> > programs don't use OpenSSL anyway (at least since 10.7 when it was
>
> This I didn't know ...
Because they use Apple's own security frameworks (remember the recent
GOTO fail?).
> > officially deprecated). Second, the Heartbleed bug only applies to
> > OpenSSL 1.0.1 through 1.0.1f. Apple has never shipped a version of
> > OpenSSL later than 0.9.8.
>
> And this ... hardly surprises me...
An independent software developer wrote a blog post a while back with
his explanation of why Apple deprecated use of OpenSSL in favor of its
own security frameworks. It wasn't an arbitrary decision.
http://rentzsch.tumblr.com/post/33696323211/wherein-i-write-apples-techno
te-about-openssl-on-os-x
--
Ned Deily,
nad at acm.org
More information about the macports-users
mailing list