[Cryptography] Apple and OpenSSL
Paul Wouters
paul at cypherpunks.ca
Fri Apr 18 22:46:11 EDT 2014
On Fri, 18 Apr 2014, Jerry Leichter wrote:
> Be aware that this is a strongly pro-Apple site, and that comes through plainly in the article. Still, it's an interesting history of how one company has been dealing with the issue of crypto software.
>
> http://appleinsider.com/articles/14/04/18/how-apple-dodged-the-heartbleed-bullet
"If your app depends on OpenSSL, you should compile OpenSSL yourself and
statically link a known version of OpenSSL into your app. This use of
OpenSSL is possible on both OS X and iOS. However, unless you are trying
to maintain source compatibility with an existing open source project,
you should generally use a different API."
Clearly Apple had user's security interest in mind when they stated that :P
Also how can the writer confirm app developers must staticly link in
openssl and say in the title "Apple dodged the heartbleed bullet".
Paul
More information about the cryptography
mailing list