When software is deprecated, it gives programmers time to re-code around it and/or users to find something else to use. Software deprecation is something that's normal in the software industry, not something Apple thought up.
On Mar 5, 2013, at 2:05 PM, "Oliver, John N JR CTR SPAWARSYSCEN-PACIFIC, 53223"
wrote:
If it's deprecated, why is it still included, even in the latest release?
As someone else had mentioned, it sure looks like ssh is using it...
flamingo:~ joliver$ ssh -V
OpenSSH_5.6p1, OpenSSL 0.9.8r 8 Feb 2011
We all know that one vector for security issues is old, unmaintained software left sitting around. If it needs to stay, it should be updated. If it isn't needed, it should be removed.
-----Original Message-----
From: Shawn Geddis [mailto:geddis@apple.com]
Sent: Tuesday, March 05, 2013 9:29 AM
To: Oliver, John N JR CTR SPAWARSYSCEN-PACIFIC, 53223
Cc: Apple Fed-Talk
Subject: Re: [Fed-Talk] Apple CoreCrypto FIPS Status
On Mar 5, 2013, at 12:06 PM, "Oliver, John N JR CTR SPAWARSYSCEN-PACIFIC, 53223" <email@hidden> wrote:
Actually, I was thinking more along the lines of, when is CoreCrypto going to be the default out-of-the-box? When does the old OpenSSL go away?
OpenSSL was never the "default out-of-the-box" .
OpenSSL was deprecated in OS X 10.7
CoreCrypto / CoreCrypto Kernel is being validated for use under OS X 10.8
-- but was included in an earlier form (not to be validated) in OS X 10.7.
One correction I need to note from previous snippets for people is that...
. Heimdal Kerberos in OS X 10.8.x does in fact use CoreCrypto, so will be covered by the validation as well.
-- It was an error of my email communication (copy/paste/fail to edit) previously.
- Shawn
________________________________________
Shawn Geddis
Security Consulting Engineer
Apple Enterprise Division
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden
Peter Link
Cyber Security Analyst
Cyber Security Program
Lawrence Livermore National Laboratory
PO Box 808, L-315
Livermore, CA 94551-0808
email@hidden
|