Status of OpenSSL 1.1 support
The Doctor
doctor at doctor.nl2k.ab.ca
Tue Oct 17 22:54:52 AEDT 2017
On Tue, Oct 17, 2017 at 12:45:26PM +0200, Jakub Jelen wrote:
> On Mon, 2017-10-16 at 17:18 +0200, Ingo Schwarze wrote:
> > > Fedora has the same policy, and so far has opted to ship a ~3600-
> > > line
> > > patch to OpenSSH to use the 1.1 API.
> >
> > Frankly, i would feel uncomfortable using OpenSSH on Fedora.
>
> Thank you for the support. Do you have any real reason to say so?
>
> Yes, we opted to improve existing patch, implement missing parts, test
> it and contribute it back to OpenSSH upstream in spite of moving
> forward with OpenSSL upstream.
>
> It takes some effort to do so, but we do not have to think about
> bundling LibreSSL nor depend on soon-to-by-outdated OpenSSL.
>
> As these threads appear all over and over again on this list, Fedora is
> not the only distro that had this problem and would like to see it
> resolved in a sensible way, but it is stalled in this point for over a
> year.
>
OPenSSH is based on OPenBSD developemnt.
The best solution is if (LIBRESSL) || (OPENSSL < 1010...)
Else
Whatever.
Is that too much work?
> Regards,
> --
> Jakub Jelen
> Software Engineer
> Security Technologies
> Red Hat, Inc.
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev at mindrot.org
> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
--
Member - Liberal International This is doctor@@nl2k.ab.ca Ici doctor@@nl2k.ab.ca
Yahweh, Queen & country!Never Satan President Republic!Beware AntiChrist rising!
https://www.empire.kred/ROOTNK?t=94a1f39b Look at Psalms 14 and 53 on Atheism
Talk Sense to a fool and he calls you foolish - Euripides
More information about the openssh-unix-dev
mailing list