OpenSSL

Ned Deily nad at acm.org
Tue Apr 8 13:06:49 PDT 2014


In article <1496567.dPnP996dF6 at patux>,
 Rene J.V. Bertin <rjvbertin at gmail.com> wrote:
> On Monday April 07 2014 23:58:37 Ned Deily wrote:
> > Don't even think of that!  First, as you may know, most Apple-supplied 
> > programs don't use OpenSSL anyway (at least since 10.7 when it was 
> 
> This I didn't know ...

Because they use Apple's own security frameworks (remember the recent 
GOTO fail?).
 
> > officially deprecated).  Second, the Heartbleed bug only applies to 
> > OpenSSL 1.0.1 through 1.0.1f.  Apple has never shipped a version of 
> > OpenSSL later than 0.9.8.
> 
> And this ... hardly surprises me...

An independent software developer wrote a blog post a while back with 
his explanation of why Apple deprecated use of OpenSSL in favor of its 
own security frameworks.  It wasn't an arbitrary decision.

http://rentzsch.tumblr.com/post/33696323211/wherein-i-write-apples-techno
te-about-openssl-on-os-x

-- 
 Ned Deily,
 nad at acm.org



More information about the macports-users mailing list