On Wed, Nov 16, 2016 at 11:05:13PM +0100, Stefan Fritsch wrote: >... > BTW, I am pretty sure that support for enhanced master secret and chacha20 > will appear for openssl 1.0.2 before the release of stretch+1, if only > because > redhat needs it for its long support cycles. Back-porting that to stretch in > a > year or so in a stable-point-release would IMHO be the best option.
At least for ChaCha20 there are patches available for OpenSSL 1.0.2 that are already being used elsewhere. > When > Apache httpd 2.4 came out, I was also quite disappointed that it could not be > included in squeeze, but mod_perl was not ready at the time and it would not > have made any sense to include an inofficial forward-port of mod_perl to 2.4 > in > Debian. In the same way, I don't think it is a good idea to include lots of > patches for openssl 1.1, with little testing. > > Cheers, > Stefan cu Adrian -- "Is there not promise of rain?" Ling Tan asked suddenly out of the darkness. There had been need of rain for many days. "Only a promise," Lao Er said. Pearl S. Buck - Dragon Seed