UndrgroundRider explained it.

Originally posted by rage2
Then that's fine. I'm just saying that there's a LOT of people out there who upgrade for the hell of it, not for functionality. You're adding new features that you would never use, and open yourself up to bugs for those new features because people make mistakes when writing new code. I'm willing to guess that most of the vulnerable servers out there didn't need anything from OpenSSL 1.x, and would've operated just as fine with OpenSSL 0.9.x.
Anyhow, OpenSSL 1 is two years old! Jesus, at what point do you decide which version to use? How can you even know that OpenSSL 0.9 would've been any more secure?