Re: [openssl-project] Release Criteria Update

2018-09-04 Thread Benjamin Kaduk
On Tue, Sep 04, 2018 at 05:11:41PM +0100, Matt Caswell wrote:
> There are 2 open issues for 1.1.1. One of these is being addressed by
> PR#7073 above. The other one is:
> 
> #7014 TLSv1.2 SNI hostname works in 1.1.0h, not in 1.1.1 master (as of
> 18-Aug)
> 
> This one seems stuck!! No clear way forward as yet.
> 
> Ben - any views?

I'm thinking that the ABI stability argument is going to win me over and
we should continue to return the client's offered SNI in all cases until
1.2.0.  Hoping to get a patch out this morning (US Pacific) -- yesterday
was a national holiday.

-Ben
___
openssl-project mailing list
openssl-project@openssl.org
https://mta.openssl.org/mailman/listinfo/openssl-project


[openssl-project] Release Criteria Update

2018-09-04 Thread Matt Caswell
Current status of the 1.1.1 PRs/issues:

There are currently 6 open PRs for 1.1.1. However in 2 cases there are 2
alternative implementations for the same thing - so really there are
only 4 issues being addressed. One of these is in the "ready" state.

The remaining 3 are:

#7114 Process KeyUpdate and NewSessionTicket messages after a close_notify
(an alternative to the older PR, #7058)

Awaiting review
Owner: Matt

#7113 An alternative to address the SM2 ID issues
(an alternative to the older PR, #6757)

Currently being reviewed
Owner: Paul Yang

#7073 Support EdDSA in apps/speed

Awaiting updates following review comments
Owner: Paul Yang


There are 2 open issues for 1.1.1. One of these is being addressed by
PR#7073 above. The other one is:

#7014 TLSv1.2 SNI hostname works in 1.1.0h, not in 1.1.1 master (as of
18-Aug)

This one seems stuck!! No clear way forward as yet.

Ben - any views?


Matt



[openssl-project] Monthly Status Report (August)

2018-09-04 Thread Matt Caswell
As well as normal reviews, responding to user queries, wiki user
requests, OMC business, handling security reports, etc., key activities
this month:

- Attended a number of conference calls related to FIPS
- Attended the week-long FIPS summit in Brisbane. A lot was achieved and
write-ups of the various discussions that were held will appear over the
coming weeks and months.
- Various activities trying to shepherd the 1.1.1 release towards a
conclusion
- Produced a PR to revert the TLSv1.2 to TLSv1.3 PSK reuse. Ultimately
it was decided to retain the reuse and the PR was closed without merge.
- Performed the 1.1.0i and 1.0.2p releases
- Fixed an issue where under certain error conditions a call to SSLfatal
could be missed
- Resolved some issues with TLSv1.3 alerts after early_data
- Fixed compilation with no-comp
- Implemented some improvements to the TLSv1.3 fallback protection
- Implemented some improvements for the usability of the ca app using EdDSA
- Fixed some documentation that incorrectly stated we used md5 as a
default in the req app
- Created a PR to fix problems in a scenario with a client that only
writes and a server that only reads
- Implemented updates required for the final TLSv1.3 version (RFC8446)
- Changed post-handshake auth so that it is opt-in only
- Attended the OSTIF advisory committee meeting
- Fixed an issue in certain circumstances where a fallback/downgrade was
incorrectly being reported
- Performed the 1.1.1-pre9 release
- Made some clarifications to the EVP_DigestSign*/EVP_DigestVerify* docs
- Fixed some mem leaks on error paths

Matt