Hello,
right, your (second) build issue is caused by the --api=1.1.0 configuration, removing old interfaces. Drop it from your openssl configuration, and it will work fine. > particularly with tls1.3-capable openssl 1.1.1 "ComingSoon(tm)", might be > worth a review Haproxy 1.8 and -dev works fine with both openssl 1.1.1 and TLS 1.3. 1.1.1 is API compatible with 1.1.0 and there is nothing else on the roadmap as far as I know. A different OpenSSL API (1.2) will break all applications *anyway*, regardless whether we all remove supposedly obsolete interfaces today. On the other hand, likely the new API does not have all interfaces required to replace the old functionality. That's at least how it was with 1.1.0 (with things that where actually removed in 1.1.0). The --api=1.1.0 is helpful to understand what the openssl developers currently believe will be removed one day, but they change their opinion all the time and a new braking API change is not even announced at this point. That's why I suggest you don't worry about it and compile openssl without the API restriction. No OS will ship the openssl library with such options anyway. cheers, lukas
