Progress resolving OpenSSL 1.1.0 issues
The Doctor
doctor at doctor.nl2k.ab.ca
Tue Dec 20 03:04:22 AEDT 2016
On Mon, Dec 19, 2016 at 06:13:46AM -0800, jpbion at jfwest.com wrote:
> I know it has been stated that OpenSSL 1.1.0 is a non-starter for
> OpenSSH until a better compatibility system is provided by OpenSSL,
> allowing a single code-base to support interacting with both OpenSSL
> 1.0.x and 1.1.x.
>
> I also know various people have provided patches to OpenSSH offering
> such support, but it also seems as if OpenSSH is waiting for something
> official. These patches offered to OpenSSH may have forced users of
> OpenSSH to move to OpenSSL 1.1.x - I haven't checked that out, and I
> know that would be a non-starter. But perhaps they did offer a
> compatibility layer.
>
> Finally, I also realize OpenSSH has to work with multiple different SSL
> providers, not just OpenSSL, and that OpenSSL has forced a whole slew of
> changes on its 'customers'.
>
> I worry about a deadlock, though. Does the OpenSSL team even know that
> the OpenSSH project will not move toward 1.1.0 support until it provides
> a simpler and official multi-version compatibility system? If there is
> no communication with them, it is unlikely they'll think of working on
> the compatibility system themselves (else it would have already been
> provided, because it's a rather obvious and important need.) Or is the
> OpenSSH team simply saying "until there is one, we won't support OpenSSL
> 1.1.0" - hoping it just happens - but not making effort to see that it
> does?
>
> OpenSSH is one of the more important SSL 'customers'. The view of "nope;
> I won't code a custom compatibility system" may absolutely be the right
> thing to say and do. But do we even have OpenSSL's ear, to make sure
> what was said here was heard?
>
OpenSSL 1.1 backwards compatibility to OpenSSL 1.0
will not ever happen.
The best programmers can do is to program around
OpenSSL 1.1 + OpenSSL less than 1.0 and LibreSSL.
> Thanks!
> Joel
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev at mindrot.org
> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
--
Member - Liberal International This is doctor@@nl2k.ab.ca Ici doctor@@nl2k.ab.ca
God,Queen and country!Never Satan President Republic!Beware AntiChrist rising!
http://www.fullyfollow.me/rootnl2k Look at Psalms 14 and 53 on Atheism
Merry Christmas 2016 and Happy New Year 2017