Hi Pavlos,

On Tue, Mar 14, 2017 at 04:43:26PM +0100, Pavlos Parissis wrote:
> Hi,
> 
> On Debian testing with openssl 1.1.0e, I get the following warnings when I
> compile 1.7 and 1.8:
> https://gist.githubusercontent.com/unixsurfer/9c42361822f23cfe36f3b2169133b551/raw/4665476fdfb2a94d287814a2c8a36215cbebb465/gistfile1.txt

Yes these ones are known and for now we don't have any workaround. It
seems openssl 1.1 wants us to drop support for older TLS versions, but
we definitely can't do that so we'll have to live with the warnings :-/
I couldn't find a way to make them disappear.

> When I compile 1.6 I get errors and compilation fails:
> https://gist.githubusercontent.com/unixsurfer/4476410bbbaf2192af591123f4388850/raw/a733808a3028f0c9d7f53f4e699da6de3ae18969/gistfile1.txt

This is indeed expected, openssl 1.1's API is very different from 1.0.

> I compile it with:
> make clean;make TARGET=linux2628 USE_PCRE=1 USE_OPENSSL=1 USE_ZLIB=1
> USE_PCRE_JIT=1 USE_TPROXY=1
> 
> Am I the only one seeing these warnings/errors? Searched on ML and someone
> mentioned that haproxy 1.6 won't support 1.1.0 version of openssl, is this
> accurate? Having openssl 1.0.2 and 1.1.0 on my personal development machine
> is fine, so zero problems here if 1.6 does not support openssl 1.1.0 version.

Yes that's accurate. The risk of breakage is far too high for this to be
backported to 1.6. With 1.7 not much different from 1.6, we'll have all
people willing to explore openssl 1.1 users upgrade to haproxy 1.7 with
very limited risks (and BTW some of the bugs currently affecting 1.7 are
also on 1.6 and are in fact uncovered by some fixes for bugs that were
hiding other ones).

Hoping this helps!

Cheers,
Willy
