On Sat Feb 14, 2026 at 12:01 AM CET, Colin McAllister via lists.openembedded.org wrote: > TLS 1.0 and 1.1 have been deprecated by the IETF since 2021, and > OpenSSL's legacy module contains deprecated and unmaintained components. > This series disables legacy support by default in both OpenSSL and > python3-cryptography, requiring users to explicitly opt-in if needed. > > The first two patches add packageconfig options to control legacy TLS > protocol support and the legacy OpenSSL module. The final patch aligns > python3-cryptography with the new OpenSSL defaults. > > Note that the TLS 1.0/1.1 changes replace the existing "no-tls1" and > "no-tls1_1" packageconfig options with affirmative "tls1" and "tls1_1" > options that are disabled by default. While less disruptive to enable > the "no-*" options by default, using affirmative options provides > consistency with the new "legacy" option and is clearer than having > default-enabled "no-*" options. >
Hi Colin, Thanks for the new version. I believe we have a new error: ERROR: core-image-sato-1.0-r0 do_rootfs: Could not invoke dnf. Command '/srv/pokybuild/yocto-worker/multilib/build/build/tmp/work/qemux86_64-poky-linux/core-image-sato/1.0/recipe-sysroot-native/usr/bin/dnf -v --rpmverbosity=info -y -c /srv/pokybuild/yocto-worker/multilib/build/build/tmp/work/qemux86_64-poky-linux/core-image-sato/1.0/rootfs/etc/dnf/dnf.conf --setopt=reposdir=/srv/pokybuild/yocto-worker/multilib/build/build/tmp/work/qemux86_64-poky-linux/core-image-sato/1.0/rootfs/etc/yum.repos.d --installroot=/srv/pokybuild/yocto-worker/multilib/build/build/tmp/work/qemux86_64-poky-linux/core-image-sato/1.0/rootfs --setopt=logdir=/srv/pokybuild/yocto-worker/multilib/build/build/tmp/work/qemux86_64-poky-linux/core-image-sato/1.0/temp --repofrompath=oe-repo,/srv/pokybuild/yocto-worker/multilib/build/build/tmp/work/qemux86_64-poky-linux/core-image-sato/1.0/oe-rootfs-repo --nogpgcheck install dnf packagegroup-base-extended packagegroup-core-boot packagegroup-core-ssh-dropbear packagegroup-core-x11-base packagegroup-core-x11-sato pango-module-basic-fc psplash rpm run-postinsts lib32-connman-gnome lib32-pango-module-basic-fc locale-base-c locale-base-en-us locale-base-en-gb' returned 1: ... Error: Transaction test error: file /etc/ssl/openssl.cnf conflicts between attempted installs of lib32-openssl-conf-3.5.5-r0.x86 and openssl-conf-3.5.5-r0.x86_64_v3 https://autobuilder.yoctoproject.org/valkyrie/#/builders/92/builds/3170 Can you have a look at the issue? Thanks, Mathieu -- Mathieu Dubois-Briand, Bootlin Embedded Linux and Kernel engineering https://bootlin.com
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#231165): https://lists.openembedded.org/g/openembedded-core/message/231165 Mute This Topic: https://lists.openembedded.org/mt/117801633/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
