Hello, On Fri, Feb 17, 2017 at 5:41 PM, Gert Doering <g...@greenie.muc.de> wrote: > Hi, > > On Fri, Feb 17, 2017 at 05:35:04PM +0100, Emmanuel Deloget wrote: >> I understand that I'm the new guy in town, but can you allow me to >> make the formal request to ditch OpenSSL 0.9.8, 1.0.0 and 1.0.1 and >> require at least version 1.0.2? > > I'm not going to make a call on any of these versions, I just want > to point out that we do need to (and *want* to) support older release > of distributions that do not ship "most recent" OpenSSL versions yet. > > So we're somewhat caught in the middle between arch linux with 1.1.0 > and something like RHEL that ships seriously old OpenSSL (with patches).
My feeling is that RHEL6 and RHEL 7 are shipping v1.0.1 at least (both updated the packages to 1.0.1e in March 2016). RHEL5 is still shipping v0.9.8 (but then the installation of openvpn on RHEL 5 and Centos 5 is fully manual as it seems there is no official packages for these distrubutions). Of course, I might be wrong. > This said, we need to regularily re-evaluate what the oldest distribution > is that a given OpenVPN branch should support, and then we can drop support > for older OpenSSL versions... I guess the answer to the riddle is: "how long will the 2.4 branch live?". v2.3 shipped in May 2013. If we assume that v2.4 will be the stable branch for two more years (I cannot find any roadmap, so this is pure speculation) then it might make sense for 2.5 to at least remove support for OpenSSL v0.9.8 (it would have been EoL'd for 3 years by then). I must admit that the fact that I can build OpenVPN against a security-focused library that haven't seen any evolution/bug fix/security fix in one year makes me pretty shaky :) > > gert > BR, -- Emmanuel Deloget ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, SlashDot.org! http://sdm.link/slashdot _______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
