Status of OpenSSL 1.1 support

Sebastian Andrzej Siewior openssh at
Sat Oct 14 08:58:12 AEDT 2017


more or less a year ago Kurt Roeckx provided an initial port towards the
OpenSSL 1.1 API [0]. The patch has been left untouched [1] and it has
been complained about a missing compat layer of the new vs the old API
within the OpenSSL library [2].
This is how I reconstructed the situation as of today and I am not
aware of any progress in regard to the newer library within the OpenSSH
project. Did I miss any significant development?

In the `meantime', OpenSSL provides a kind of compat layer [3] which
(they suggested) should be included in the downstream projects [4].

Is this enough / acceptable? What would the project like to see? I know
that OpenBSD itself is more focused on the LibreSSL library but I would
like to avoid that every one carries (and maintains) a big patch around.

[1] I know that Fedora ships it.


More information about the openssh-unix-dev mailing list