Status of OpenSSL 1.1 support
djm at mindrot.org
Tue Oct 17 09:39:50 AEDT 2017
On Mon, 16 Oct 2017, Colin Watson wrote:
> If my only other option is to use LibreSSL, then that will mean
> packaging LibreSSL separately, and https://bugs.debian.org/754513 seems
> to have petered out a couple of years ago, not to mention being a pile
> of work I really don't have time for as well as requiring overcoming
> non-trivial objections. I realise that this is not the OpenSSH team's
> problem as such, and that as a LibreSSL developer you may well not be
> super-sympathetic to this argument; but nevertheless, I don't think this
> is a viable option right now for us as a distributor.
I'm sorry to have put you in this situation, but we have an upstream who
is LibreSSL exclusively, a need to support LibreSSL and BoringSSL in the
portable version and limited time and resources of our own.
Even adopting the use of shims that give us the OpenSSL 1.1.x API means
considerable additional work for us, because OpenBSD doesn't use that
API. I'm willing to do it, but not if I'm going to be fighting the shims
themselves along the way.
More information about the openssh-unix-dev