Progress resolving OpenSSL 1.1.0 issues
doctor at doctor.nl2k.ab.ca
Tue Dec 20 03:04:22 AEDT 2016
On Mon, Dec 19, 2016 at 06:13:46AM -0800, jpbion at jfwest.com wrote:
> I know it has been stated that OpenSSL 1.1.0 is a non-starter for
> OpenSSH until a better compatibility system is provided by OpenSSL,
> allowing a single code-base to support interacting with both OpenSSL
> 1.0.x and 1.1.x.
> I also know various people have provided patches to OpenSSH offering
> such support, but it also seems as if OpenSSH is waiting for something
> official. These patches offered to OpenSSH may have forced users of
> OpenSSH to move to OpenSSL 1.1.x - I haven't checked that out, and I
> know that would be a non-starter. But perhaps they did offer a
> compatibility layer.
> Finally, I also realize OpenSSH has to work with multiple different SSL
> providers, not just OpenSSL, and that OpenSSL has forced a whole slew of
> changes on its 'customers'.
> I worry about a deadlock, though. Does the OpenSSL team even know that
> the OpenSSH project will not move toward 1.1.0 support until it provides
> a simpler and official multi-version compatibility system? If there is
> no communication with them, it is unlikely they'll think of working on
> the compatibility system themselves (else it would have already been
> provided, because it's a rather obvious and important need.) Or is the
> OpenSSH team simply saying "until there is one, we won't support OpenSSL
> 1.1.0" - hoping it just happens - but not making effort to see that it
> OpenSSH is one of the more important SSL 'customers' The view of "nope;
> I won't code a custom compatibility system" may absolutely be the right
> thing to say and do. But do we even have OpenSSL's ear, to make sure
> what was said here was heard?
Openssl 1.1 backwards compatability to Openssl 1.0
will not ever happen.
The best programmers can do is to program around
openssl 1.1 + Openssl less than 1.0 and libressl.
> openssh-unix-dev mailing list
> openssh-unix-dev at mindrot.org
Member - Liberal International This is doctor@@nl2k.ab.ca Ici doctor@@nl2k.ab.ca
God,Queen and country!Never Satan President Republic!Beware AntiChrist rising!
http://www.fullyfollow.me/rootnl2k Look at Psalms 14 and 53 on Atheism
Merry Christmas 2016 and Happy New Year 2017
More information about the openssh-unix-dev