On 14/03/2017 10:20 PM, Willy Tarreau wrote:
> On Tue, Mar 14, 2017 at 08:18:27PM +0100, Pavlos Parissis wrote:
>>>> On Debian testing with openssl 1.1.0e, I get the following warnings when I
>>>> compile 1.7 and 1.8:
>>>> https://gist.githubusercontent.com/unixsurfer/9c42361822f23cfe36f3b2169133b551/raw/4665476fdfb2a94d287814a2c8a36215cbebb465/gistfile1.txt
>>>
>>> Yes these ones are known and for now we don't have any workaround. It
>>> seems openssl 1.1 wants us to drop support for older TLS versions, but
>>> we definitely can't do that so we'll have to live with the warnings :-/
>>> I couldn't find a way to make them disappear.
>>>
>>
>> No worries, it compiles at the end and haproxy starts:-)
>
> Ah that's how I test it before releasing... Just kidding, I don't verify
> that it starts :-)
>
> (...)
>> I fully understand the situation, I will compile 1.6 against openssl 1.0.2
>> version on my Debian testing box. I am not using 1.6 version at all, too
>> old :-), but I am reshuffling code in haproxyadmin python lib and I want to
>> make sure it works with older versions of haproxy.
>
> OK cool! Just out of curiosity, are there some features of 1.7 that you've
> already got used to and that prevent you from using 1.6, or is this just a
> matter of staying on something modern ?
>

The latter, I prefer to use the latest stable version. I usually wait 1 month
before I switch to the new stable release[1]. For instance, I switched from 1.5
to 1.6 when 1.6.3 was released. Switching to 1.7 takes more time because I have
other projects with higher priority.

[1] With the only exception of 1.5, I switched to 1.5.0 only a day after it was
released. Zero issues on production! But, I keep the config clean and very
simple, I hate unnecessary complexity.

