Progress resolving OpenSSL 1.1.0 issues

The Doctor doctor at
Tue Dec 20 03:04:22 AEDT 2016

On Mon, Dec 19, 2016 at 06:13:46AM -0800, jpbion at wrote:
> I know it has been stated that OpenSSL 1.1.0 is a non-starter for 
> OpenSSH until a better compatibility system is provided by OpenSSL, 
> allowing a single code-base to support interacting with both OpenSSL 
> 1.0.x and 1.1.x.
> I also know various people have provided patches to OpenSSH offering 
> such support, but it also seems as if OpenSSH is waiting for something 
> official. These patches offered to OpenSSH may have forced users of 
> OpenSSH to move to OpenSSL 1.1.x - I haven't checked that out, and I 
> know that would be a non-starter. But perhaps they did offer a 
> compatibility layer.
> Finally, I also realize OpenSSH has to work with multiple different SSL 
> providers, not just OpenSSL, and that OpenSSL has forced a whole slew of 
> changes on its 'customers'.
> I worry about a deadlock, though. Does the OpenSSL team even know that 
> the OpenSSH project will not move toward 1.1.0 support until it provides 
> a simpler and official multi-version compatibility system? If there is 
> no communication with them, it is unlikely they'll think of working on 
> the compatibility system themselves (else it would have already been 
> provided, because it's a rather obvious and important need.) Or is the 
> OpenSSH team simply saying "until there is one, we won't support OpenSSL 
> 1.1.0" - hoping it just happens - but not making effort to see that it 
> does?
> OpenSSH is one of the more important SSL 'customers'. The view of "nope; 
> I won't code a custom compatibility system" may absolutely be the right 
> thing to say and do. But do we even have OpenSSL's ear, to make sure 
> what was said here was heard?

OpenSSL 1.1 backwards compatibility to OpenSSL 1.0
will not ever happen.

The best programmers can do is to program around
OpenSSL 1.1 + OpenSSL less than 1.0 and LibreSSL.

> Thanks!
> Joel

Member - Liberal International This is Ici
God,Queen and country!Never Satan President Republic!Beware AntiChrist rising!  Look at Psalms 14 and 53 on Atheism
Merry Christmas 2016 and Happy New Year 2017
