Package: openssl
Version: 0.9.8e-5
Severity: important
Tags: security

The DTLS implementation included in OpenSSL 0.9.8 is known to be buggy. See for example

  http://www.mail-archive.com/[EMAIL PROTECTED]/msg21313.html
  http://rt.openssl.org/Ticket/Display.html?id=1245&user=guest&pass=guest

I believe that in its current state it does not qualify as an implementation of RFC 4507. What is worse, nothing is known about its security features.

Including DTLS in the Debian version of OpenSSL might mislead programmers into believing it is a secure choice, as it almost did mislead me. I would therefore like to suggest that the Debian version of OpenSSL should compile-out the DTLS code, or at the very least include a big, fat warning in the documentation.

Juliusz