Status of OpenSSL 1.1 support

Jakub Jelen jjelen at redhat.com
Tue Oct 17 21:45:26 AEDT 2017


On Mon, 2017-10-16 at 17:18 +0200, Ingo Schwarze wrote:
> > Fedora has the same policy, and so far has opted to ship a ~3600-
> > line
> > patch to OpenSSH to use the 1.1 API.
> 
> Frankly, i would feel uncomfortable using OpenSSH on Fedora.

Thank you for the support. Do you have any real reason to say so?

Yes, we opted to improve existing patch, implement missing parts, test
it and contribute it back to OpenSSH upstream in spite of moving
forward with OpenSSL upstream.

It takes some effort to do so, but we do not have to think about
bundling LibreSSL nor depend on soon-to-by-outdated OpenSSL.

As these threads appear all over and over again on this list, Fedora is
not the only distro that had this problem and would like to see it
resolved in a sensible way, but it is stalled in this point for over a
year.

Regards,
-- 
Jakub Jelen
Software Engineer
Security Technologies
Red Hat, Inc.


More information about the openssh-unix-dev mailing list