Metadata Distribution Subcommittee of TAC

["Cantor, Scott" <>]

On 10/25/13, 6:52 AM, "Ian Young" 
<>
 wrote:
>
>> SSP relies on xmlseclibs which in turn relies on OpenSSL for all the
>>hashing functions. I don¹t think that means we¹re back to ³it depends².
>>I don¹t know how recently did OpenSSL incorporate support for SHA-2
>>family of algorithms, but I don¹t expect any system running SSP 1.11
>>(which is needed for SHA-2 support) with PHP 5.3 (which is the minimum
>>version required by SSP 1.11, I think), with an OpenSSL version old
>>enough to not support SHA-2. It might be possible, yes, but I think it¹s
>>really unlikely.

They clearly don't have much Solaris then.

>The SSP developers are obviously looking at things from a rather
>different perspective. They don't support systems like RHEL 4 with their
>current release *AT ALL*, because of things like the PHP version
>requirement, so they don't see an inability to use SHA-2 on such
>platforms as even being on the radar.

Ok, I don't know anything about PHP platform support of course. But I
guarantee Solaris is the exception to any rule. Which matters because an
astonishing number of vendors still use it.

-- Scott

Attachment: smime.p7s
Description: S/MIME cryptographic signature