Re: [openssl-users] openssl 1.0.2 and TLS 1.3
> On Sep 11, 2018, at 9:58 AM, The Doctor wrote: > > So Openssh, NTPd, MOd_pagespeed have to adopt OPEnssl 1.1X API > in order to use TLS 1.3 . OpenSSH does not use TLS or libssl, so does not need that OpenSSL 1.1.x feature. It could still benefit from libcrypto algorithm improvements that result in more constant behaviour and/or other improvements. While OpenBSD may be slow to port to OpenSSL 1.1.x, porting OpenSSH to 1.1.x is not difficult. Christos Zoulas has done that for NetBSD, the latest HPN patches port OpenSSH to OpenSSL 1.1.0 [ I used the HPN patches for OpenSSH 7.7p1 as a starting point, and have a clean build of OpenSSH 7.8p1 with OpenSSL 1.1.x after some minor improvements. ] -- Viktor. -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] openssl 1.0.2 and TLS 1.3
On 11/09/18 15:12, Perrow, Graeme wrote: > AFAIK 1.1.1 does not support the FIPS module, which means that those of us > who require FIPS must stay on 1.0.2. Any ETA on when FIPS support might be > added? TBD. Likely to be next year (before the EOL of 1.0.2) IMO. Our development focus is now shifting from implementing TLSv1.3 to implementing the new FIPS module. Matt > > Graeme > > -Original Message- > From: openssl-users On Behalf Of Matt > Caswell > Sent: September 11, 2018 4:31 AM > To: openssl-users@openssl.org > Subject: Re: [openssl-users] openssl 1.0.2 and TLS 1.3 > > > > On 11/09/18 09:05, Dr. Matthias St. Pierre wrote: >>> Von: openssl-users Im Auftrag von The >>> Doctor >>> Gesendet: Dienstag, 11. September 2018 08:49 >>> An: openssl-users@openssl.org; openssl-...@openssl.org >>> Betreff: [openssl-users] openssl 1.0.2 and TLS 1.3 >>> >>> Will that combination occur? >> >> Support for TLS 1.3 is a new feature in OpenSSL 1.1.1 which will be released >> today. >> OpenSSL 1.0.2 is an LTS release which will only receive security updates and >> no new >> features. > > Strictly speaking 1.0.2 will receive bug fixes and security fixes until > the end of this year. From the end of this year until the end of 2019 it > will receive security fixes only. In any case it will receive no new > features (including TLSv1.3). > > From the release of 1.1.1 (today), 1.1.0 will receive security fixes > only for one year. > > Matt > > > >> >> HTH, >> Matthias >> >> See also >> https://wiki.openssl.org/index.php/TLS1.3 >> https://www.openssl.org/policies/releasestrat.html >> >> >> -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] openssl 1.0.2 and TLS 1.3
AFAIK 1.1.1 does not support the FIPS module, which means that those of us who require FIPS must stay on 1.0.2. Any ETA on when FIPS support might be added? Graeme -Original Message- From: openssl-users On Behalf Of Matt Caswell Sent: September 11, 2018 4:31 AM To: openssl-users@openssl.org Subject: Re: [openssl-users] openssl 1.0.2 and TLS 1.3 On 11/09/18 09:05, Dr. Matthias St. Pierre wrote: >> Von: openssl-users Im Auftrag von The >> Doctor >> Gesendet: Dienstag, 11. September 2018 08:49 >> An: openssl-users@openssl.org; openssl-...@openssl.org >> Betreff: [openssl-users] openssl 1.0.2 and TLS 1.3 >> >> Will that combination occur? > > Support for TLS 1.3 is a new feature in OpenSSL 1.1.1 which will be released > today. > OpenSSL 1.0.2 is an LTS release which will only receive security updates and > no new > features. Strictly speaking 1.0.2 will receive bug fixes and security fixes until the end of this year. From the end of this year until the end of 2019 it will receive security fixes only. In any case it will receive no new features (including TLSv1.3). >From the release of 1.1.1 (today), 1.1.0 will receive security fixes only for one year. Matt > > HTH, > Matthias > > See also > https://wiki.openssl.org/index.php/TLS1.3 > https://www.openssl.org/policies/releasestrat.html > > > -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] openssl 1.0.2 and TLS 1.3
On Tue, Sep 11, 2018 at 03:01:38PM +0100, Matt Caswell wrote: > > > On 11/09/18 14:58, The Doctor wrote: > > On Tue, Sep 11, 2018 at 09:31:23AM +0100, Matt Caswell wrote: > >> > >> > >> On 11/09/18 09:05, Dr. Matthias St. Pierre wrote: > >>>> Von: openssl-users Im Auftrag von > >>>> The Doctor > >>>> Gesendet: Dienstag, 11. September 2018 08:49 > >>>> An: openssl-users@openssl.org; openssl-...@openssl.org > >>>> Betreff: [openssl-users] openssl 1.0.2 and TLS 1.3 > >>>> > >>>> Will that combination occur? > >>> > >>> Support for TLS 1.3 is a new feature in OpenSSL 1.1.1 which will be > >>> released today. > >>> OpenSSL 1.0.2 is an LTS release which will only receive security updates > >>> and no new > >>> features. > >> > >> Strictly speaking 1.0.2 will receive bug fixes and security fixes until > >> the end of this year. From the end of this year until the end of 2019 it > >> will receive security fixes only. In any case it will receive no new > >> features (including TLSv1.3). > >> > >> >From the release of 1.1.1 (today), 1.1.0 will receive security fixes > >> only for one year. > >> > >> Matt > >> > >> > > > > Got you. > > > > So Openssh, NTPd, MOd_pagespeed have to adopt OPEnssl 1.1X API > > in order to use TLS 1.3 . > > Yes. I would encourage *all* applications still on the 1.0.x API to move > to 1.1.1 asap. By the end of next year there will be no supported > OpenSSL version that has the old API. > > > Matt > > I will forward this to the many mailing lists I belong to. > > >> > >>> > >>> HTH, > >>> Matthias > >>> > >>> See also > >>> https://wiki.openssl.org/index.php/TLS1.3 > >>> https://www.openssl.org/policies/releasestrat.html > >>> > >>> > >>> > >> -- > >> openssl-users mailing list > >> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users > > > -- > openssl-users mailing list > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users -- Member - Liberal International This is doctor@@nl2k.ab.ca Ici doctor@@nl2k.ab.ca Yahweh, Queen & country!Never Satan President Republic!Beware AntiChrist rising! https://www.empire.kred/ROOTNK?t=94a1f39b Look at Psalms 14 and 53 on Atheism NB 24 Sept vote Liberal! Quebec votez contre le PQ et le QS des 1 October 2018! -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] openssl 1.0.2 and TLS 1.3
>So Openssh, NTPd, MOd_pagespeed have to adopt OPEnssl 1.1X API in order to use TLS 1.3 . Yes. -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] openssl 1.0.2 and TLS 1.3
On 11/09/18 14:58, The Doctor wrote: > On Tue, Sep 11, 2018 at 09:31:23AM +0100, Matt Caswell wrote: >> >> >> On 11/09/18 09:05, Dr. Matthias St. Pierre wrote: >>>> Von: openssl-users Im Auftrag von The >>>> Doctor >>>> Gesendet: Dienstag, 11. September 2018 08:49 >>>> An: openssl-users@openssl.org; openssl-...@openssl.org >>>> Betreff: [openssl-users] openssl 1.0.2 and TLS 1.3 >>>> >>>> Will that combination occur? >>> >>> Support for TLS 1.3 is a new feature in OpenSSL 1.1.1 which will be >>> released today. >>> OpenSSL 1.0.2 is an LTS release which will only receive security updates >>> and no new >>> features. >> >> Strictly speaking 1.0.2 will receive bug fixes and security fixes until >> the end of this year. From the end of this year until the end of 2019 it >> will receive security fixes only. In any case it will receive no new >> features (including TLSv1.3). >> >> >From the release of 1.1.1 (today), 1.1.0 will receive security fixes >> only for one year. >> >> Matt >> >> > > Got you. > > So Openssh, NTPd, MOd_pagespeed have to adopt OPEnssl 1.1X API > in order to use TLS 1.3 . Yes. I would encourage *all* applications still on the 1.0.x API to move to 1.1.1 asap. By the end of next year there will be no supported OpenSSL version that has the old API. Matt > >> >>> >>> HTH, >>> Matthias >>> >>> See also >>> https://wiki.openssl.org/index.php/TLS1.3 >>> https://www.openssl.org/policies/releasestrat.html >>> >>> >>> >> -- >> openssl-users mailing list >> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users > -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] openssl 1.0.2 and TLS 1.3
On Tue, Sep 11, 2018 at 09:31:23AM +0100, Matt Caswell wrote: > > > On 11/09/18 09:05, Dr. Matthias St. Pierre wrote: > >> Von: openssl-users Im Auftrag von The > >> Doctor > >> Gesendet: Dienstag, 11. September 2018 08:49 > >> An: openssl-users@openssl.org; openssl-...@openssl.org > >> Betreff: [openssl-users] openssl 1.0.2 and TLS 1.3 > >> > >> Will that combination occur? > > > > Support for TLS 1.3 is a new feature in OpenSSL 1.1.1 which will be > > released today. > > OpenSSL 1.0.2 is an LTS release which will only receive security updates > > and no new > > features. > > Strictly speaking 1.0.2 will receive bug fixes and security fixes until > the end of this year. From the end of this year until the end of 2019 it > will receive security fixes only. In any case it will receive no new > features (including TLSv1.3). > > >From the release of 1.1.1 (today), 1.1.0 will receive security fixes > only for one year. > > Matt > > Got you. So Openssh, NTPd, MOd_pagespeed have to adopt OPEnssl 1.1X API in order to use TLS 1.3 . > > > > > HTH, > > Matthias > > > > See also > > https://wiki.openssl.org/index.php/TLS1.3 > > https://www.openssl.org/policies/releasestrat.html > > > > > > > -- > openssl-users mailing list > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users -- Member - Liberal International This is doctor@@nl2k.ab.ca Ici doctor@@nl2k.ab.ca Yahweh, Queen & country!Never Satan President Republic!Beware AntiChrist rising! https://www.empire.kred/ROOTNK?t=94a1f39b Look at Psalms 14 and 53 on Atheism NB 24 Sept vote Liberal! Quebec votez contre le PQ et le QS des 1 October 2018! -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] openssl 1.0.2 and TLS 1.3
On 11/09/18 09:05, Dr. Matthias St. Pierre wrote: >> Von: openssl-users Im Auftrag von The >> Doctor >> Gesendet: Dienstag, 11. September 2018 08:49 >> An: openssl-users@openssl.org; openssl-...@openssl.org >> Betreff: [openssl-users] openssl 1.0.2 and TLS 1.3 >> >> Will that combination occur? > > Support for TLS 1.3 is a new feature in OpenSSL 1.1.1 which will be released > today. > OpenSSL 1.0.2 is an LTS release which will only receive security updates and > no new > features. Strictly speaking 1.0.2 will receive bug fixes and security fixes until the end of this year. From the end of this year until the end of 2019 it will receive security fixes only. In any case it will receive no new features (including TLSv1.3). >From the release of 1.1.1 (today), 1.1.0 will receive security fixes only for one year. Matt > > HTH, > Matthias > > See also > https://wiki.openssl.org/index.php/TLS1.3 > https://www.openssl.org/policies/releasestrat.html > > > -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] openssl 1.0.2 and TLS 1.3
> Von: openssl-users Im Auftrag von The > Doctor > Gesendet: Dienstag, 11. September 2018 08:49 > An: openssl-users@openssl.org; openssl-...@openssl.org > Betreff: [openssl-users] openssl 1.0.2 and TLS 1.3 > > Will that combination occur? Support for TLS 1.3 is a new feature in OpenSSL 1.1.1 which will be released today. OpenSSL 1.0.2 is an LTS release which will only receive security updates and no new features. HTH, Matthias See also https://wiki.openssl.org/index.php/TLS1.3 https://www.openssl.org/policies/releasestrat.html -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
[openssl-users] openssl 1.0.2 and TLS 1.3
Will that combination occur? -- Member - Liberal International This is doctor@@nl2k.ab.ca Ici doctor@@nl2k.ab.ca Yahweh, Queen & country!Never Satan President Republic!Beware AntiChrist rising! https://www.empire.kred/ROOTNK?t=94a1f39b Look at Psalms 14 and 53 on Atheism NB 24 Sept vote Liberal! Quebec votez contre le PQ et le QS des 1 October 2018! -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users