OpenSSL 1.1 support status : what next?

Emmanuel Deloget logout at free.fr
Sun Jun 25 02:02:32 AEST 2017


Hi George,

On Sat, Jun 24, 2017 at 2:06 PM, George M. Garner Jr.
<ggarner_online at gmgsystemsinc.com> wrote:
> I think that this is the better approach.  The question I have is why the
> SSH logic should be dependent on the implementation details of ANY
> particular cryptographic library (be it openssl, libressl or whatever)?
> Proper software design would develop an abstraction layer with some measure
> of forward compatibility built in.

I'm all in favor of abstracting such a complex piece of code. Yet the
sheer number of available crypto libraries out there makes it an XKCD
"build another standard to aggregate all the existing standards, so now
there is one more standard to deal with" kind of situation. Not to
mention that these libraries may implement different philosophies so
building some abstraction code above them could be quite complex. To
be honest, I would not even know where to start :)

BR,

-- Emmanuel Deloget


More information about the openssh-unix-dev mailing list