Status of OpenSSL 1.1 support

Sebastian Andrzej Siewior openssh at ml.breakpoint.cc
Sat Oct 14 08:58:12 AEDT 2017


Hi,

More or less a year ago Kurt Roeckx provided an initial port towards the
OpenSSL 1.1 API [0]. The patch has been left untouched [1] and there
have been complaints about a missing compat layer between the new and
the old API within the OpenSSL library [2].
This is how I reconstructed the situation as of today and I am not
aware of any progress in regard to the newer library within the OpenSSH
project. Did I miss any significant development?

In the `meantime', OpenSSL provides a kind of compat layer [3] which
(they suggested) should be included in the downstream projects [4].

Is this enough / acceptable? What would the project like to see? I know
that OpenBSD itself is more focused on the LibreSSL library but I would
like to avoid everyone carrying (and maintaining) a big patch around.

[0] https://lists.mindrot.org/pipermail/openssh-unix-dev/2016-September/035378.html
[1] I know that Fedora ships it.
[2] https://lists.mindrot.org/pipermail/openssh-unix-dev/2016-November/035456.html
[3] https://wiki.openssl.org/images/e/ed/Openssl-compat.tar.gz
[4] https://wiki.openssl.org/index.php/OpenSSL_1.1.0_Changes#Compatibility_Layer

Sebastian

