OpenSSL 1.1.0 support

Damien Miller djm at mindrot.org
Thu Nov 3 10:50:33 AEDT 2016


On Wed, 2 Nov 2016, Michael Stone wrote:

> On Thu, Nov 03, 2016 at 09:33:23AM +1100, Damien Miller wrote:
> > It's disappointing though that OpenSSL didn't see fit to write their own
> > set of 1.0.x->1.1.x API shims and ship it alongside 1.0.x releases. It
> > would have made the transition easier for everyone I think.
> 
> Given how much flack they got from various quarters, including in
> particular the libressl folks, for carrying "too much legacy baggage" that
> would have been ironic if nothing else.

I think you misunderstand: I'm not suggesting they carry 1.0.x API in
1.1.x (that would be self-defeating), but providing standard forward-
compat code in 1.0.x so everyone else doesn't have to write their own.

IMO nobody is in a better position to write said compat code than
the OpenSSL developers and forcing application developers to write
them greatly multiplies the number of shim implementations and thus
the likelihood of bugs in one or more of them.

-d


More information about the openssh-unix-dev mailing list