Dropping support for OpenSSL <1.1.1, LibreSSL <3.1.0

The Doctor doctor at doctor.nl2k.ab.ca
Tue Feb 21 02:44:26 AEDT 2023

On Fri, Feb 17, 2023 at 03:17:58PM +1100, Damien Miller wrote:
> Hi,
> We carry some compat code for old OpenSSL <1.1.1 and LibreSSL <3.1.0.
> OpenSSL 1.0.x is no longer supported upstream and AFAIK LibreSSL do
> not support old versions at all.
> I'd like to retire this config code, which would mean that users on
> platforms that include the versions of libcrypto would have to either
> bring their own libcrypto or compile OpenSSH --without-openssl (and
> accept the very limited crypto algorithm selection in the resulting
> build).
> AFAIK most supported mainstream OSs have long since moved on from
> these versions. The only OSs that seem to use OpenSSL 1.0.x are RHEL7
> (in some commercial limited extended support mode) and Ubuntu 14.04
> (supported until 2024/04).
> IMO almost nobody will be upgrading OpenSSH on these systems, and
> (also IMO) they aren't worth the cost of maintaining the
> compatibility code.
> Before I go ahead and delete it, does anyone have opinions to the
> contrary?

Good idea!

> -d
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev at mindrot.org
> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev

Member - Liberal International This is doctor at nk.ca Ici doctor at nk.ca
Yahweh, King & country!Never Satan President Republic!Beware AntiChrist rising!
Look at Psalms 14 and 53 on Atheism https://www.empire.kred/ROOTNK?t=94a1f39b 
Rather than confront their ways and turn from folly they seek lies to cover themselves, and so all their work will be destroyed. -unknown Beware https://mindspring.com

More information about the openssh-unix-dev mailing list