On 6/22/18 5:21 PM, William Lallemand wrote:
> Well, unfortunately haproxy is a very portable software which compiles with a
> huge number of openssl and boringssl versions,
Sure. So are a lot of other apps.
> it's complicated to keep everything clean but any help is welcomed.
Step 1 has been simply to understand the problem.
> > particularly with tls1.3-capable openssl 1.1.1 "ComingSoon(tm)", might be worth
> > a review
> What are you suggesting there? I'm not sure I'm following, is there a problem
> with tls1.3 in haproxy?
What I'm suggesting is that there's a possibility -- as per my other
post, still unclear to me -- that openssl 1.1.1, with which tls1.3
support will officially 'arrive', will have tighter restrictions on use
of prior versions' APIs.
Will use of v<1.1.0 APIs still be just deprecated? Or dropped? And, in
either case, how will downstream apps -- e.g., haproxy -- deal with it?
Currently, apparently, haproxy doesn't deal with the legacy-free,
current OpenSSL API at all.
Which simply causes me some pause.