On Tue, Nov 17, 2020 at 02:50:52PM +0100, William Lallemand wrote:
> I agree with that, however the problem will be the test of features that
> require an up to date version of OpenSSL, maybe we should improve the
> script so we could at least exclude non-openssl and non-1.1.1 versions.
This is a good point, and actually this currently is causing me test
failures on my home PC, that I've learned to ignore for the same reason
(openssl 1.0.2). This would also help with the myriad of openssl ersatz
out there.
> > By the way, RHEL6/CentOS6 are not the only ones affected by the OpenSSL
> > 1.0.2 maintenance mess, there's Ubuntu 16.04 as well, which gets regular
> > maintenance till April 2021 and extended maintenance till April 2024.
> > And yes, I do want to see older versions of openssl continue to work as
> > long as it doesn't come with too high a maintenance cost.
> >
> It looks worse with CentOS, it uses a 1.0.1 release :-)
Ah, there's also Ubuntu 14 in this situation apparently, which is still
under extended maintenance till April 2022. However I doubt anyone uses
it for that long.
If you remember, RHEL7/CentOS7 were released with 1.0.1, and had to upgrade
mid-way to 1.0.2 due to the pressure of everyone asking for ALPN support.
I'm reading that EL7 should stay on 1.0.2 for a while due to the ABI/API
compatibility issues between 1.0.2 and 1.1.x (not surprising):
https://access.redhat.com/solutions/2728111
That's one more reason for properly supporting 1.0.2 then!
Willy
