OpenSSL 1.1 support status : what next?

Emmanuel Deloget logout at
Sun Jun 25 02:02:32 AEST 2017

Hi George,

On Sat, Jun 24, 2017 at 2:06 PM, George M. Garner Jr.
<ggarner_online at> wrote:
> I think that this is the better approach.  The question I have is why the
> SSH logic should be dependent on the implementation details of ANY
> particular cryptographic library (be it openssl, libressl or whatever)?
> Proper software design would develop an abstraction layer with some measure
> of forward compatibility built in.

I'm all in favor of abstracting such a complex piece of code. Yet the
sheer number of available crypto library out there makes it an XKCD
"build another standard to aggregate all the existing standard, so now
there is one more standard to deal with" kind of situation. Not to
mention that these libraries may implement different philosophies so
building some abstraction code above them could be quite complex. To
be honest, I would not even know where to start :)


-- Emmanuel Deloget

More information about the openssh-unix-dev mailing list