OpenSSL 1.1.0 support

Damien Miller djm at mindrot.org
Fri Nov 18 11:41:41 AEDT 2016


On Tue, 15 Nov 2016, Jakub Jelen wrote:

> On 11/15/2016 12:02 AM, Damien Miller wrote:
> > On Mon, 14 Nov 2016, Jakub Jelen wrote:
> > 
> > > Thank you for the comments. I understand the upstream directions and
> > > that the OpenSSL step is not ideal. The distros will probably have to
> > > carry these patches until the changes will settle down a bit.
> > AFAIK Red Hat employs at least one OpenSSL maintainer. What is their
> > view on this situation?
> 
> Yes, you got a message off-the-list from Tomas Mraz, our OpenSSL maintainer,
> one week ago. The OpenSSL certainly wants to resolve these issues from their
> side (compat library in addition to 1.0.2 from OpenSSL side). But that will
> not help us with compatibility against LibreSSL if I see right.

For my part, I'm going to wait a while to see what migration improvements
come from OpenSSL and I don't plan on merging any changes to support 1.1.x
until there's a better story.

I'm sure that if OpenSSL come up with a cleaner way for their users to
support 1.0.x and 1.1.x then it will be easier to convince Libre/BoringSSL
to follow suit.

-d


More information about the openssh-unix-dev mailing list