Status of OpenSSL 1.1 support

The Doctor doctor at doctor.nl2k.ab.ca
Tue Oct 17 22:54:52 AEDT 2017


On Tue, Oct 17, 2017 at 12:45:26PM +0200, Jakub Jelen wrote:
> On Mon, 2017-10-16 at 17:18 +0200, Ingo Schwarze wrote:
> > > Fedora has the same policy, and so far has opted to ship a ~3600-
> > > line
> > > patch to OpenSSH to use the 1.1 API.
> > 
> > Frankly, i would feel uncomfortable using OpenSSH on Fedora.
> 
> Thank you for the support. Do you have any real reason to say so?
> 
> Yes, we opted to improve existing patch, implement missing parts, test
> it and contribute it back to OpenSSH upstream in spite of moving
> forward with OpenSSL upstream.
> 
> It takes some effort to do so, but we do not have to think about
> bundling LibreSSL nor depend on soon-to-by-outdated OpenSSL.
> 
> As these threads appear all over and over again on this list, Fedora is
> not the only distro that had this problem and would like to see it
> resolved in a sensible way, but it is stalled in this point for over a
> year.
>

OPenSSH is based on OPenBSD developemnt.

The best solution is if (LIBRESSL) || (OPENSSL < 1010...)

Else

Whatever.

Is that too much work?

> Regards,
> -- 
> Jakub Jelen
> Software Engineer
> Security Technologies
> Red Hat, Inc.
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev at mindrot.org
> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev

-- 
Member - Liberal International This is doctor@@nl2k.ab.ca Ici doctor@@nl2k.ab.ca
Yahweh, Queen & country!Never Satan President Republic!Beware AntiChrist rising!
https://www.empire.kred/ROOTNK?t=94a1f39b  Look at Psalms 14 and 53 on Atheism
Talk Sense to a fool and he calls you foolish - Euripides


More information about the openssh-unix-dev mailing list