bye bye OpenSSL v1.x support in #curl: https://github.com/curl/curl/commit/69c89bf3d3137fcbb2b8bc57233182adcf1e2817
Discussion
Loading...
Post
@bagder Random comment.... I frequently have to access online sites with obsolete protocol support (ie. someone, usually a Big Government Agency, on something ancient and obsolete but absolutely necessary). We'll even end up having to curl stuff and force ignoring of invalid, self-signed, or massively out of date certificates.... Not sure how much impact here it is (obviously, not secure), but we even are putting using FTP (gasp) from some places where there is no other option. Anyway, random comment about deprecating stuff. I know it's a pain to support old stuff, but.... (no use cases for curl I specifically know of right now, since we haven't audited the SSL versions of the data sources we have).
@ai6yr of course it would be cool if we never dropped anything. But OpenSSL v1 gets no more security fixes in the open since a while back, it is insecure for open source to use so we don't want to assist that. And we offer commercial support if someone really needs it.
@bagder ...waiting for someone to show up who pays for OpenSSL 1.x extended support.
bonfire.cafe
A space for Bonfire maintainers and contributors to communicate
Automatic federation enabled