Re: [openssl-project] Next release is beta1

2018-03-05 Thread Matt Caswell 


On 04/03/18 16:30, Kurt Roeckx wrote:
> On Sun, Mar 04, 2018 at 02:44:01PM +, Salz, Rich wrote:
>> I also intend to merge the config file .include PR (5351), and I want us to 
>> decide about 4848.
> 
> I have to agree that I want to resolv 4848 (reading config file to
> select things like supported ciphers.)
> 
> An other important change is related to cipher selection and TLS
> 1.3, not sure what the status there is.

Yes, this is a good point. That does need to go in before beta.

https://github.com/openssl/openssl/pull/5392

The status is that, although there has been some discussion on the PR,
no one has started to review it yet. Hint hint! Anyone?

Matt
___
openssl-project mailing list
openssl-project@openssl.org
https://mta.openssl.org/mailman/listinfo/openssl-project

Re: [openssl-project] Next release is beta1

2018-03-04 Thread Benjamin Kaduk 
On Sun, Mar 04, 2018 at 05:30:32PM +0100, Kurt Roeckx wrote:
> On Sun, Mar 04, 2018 at 02:44:01PM +, Salz, Rich wrote:
> > I also intend to merge the config file .include PR (5351), and I want us to 
> > decide about 4848.
> 
> I have to agree that I want to resolv 4848 (reading config file to
> select things like supported ciphers.)

So far my personal opinion on this one is that I'd rather wait until
1.2 and actually change the SSL_CTX_new() behavior, as opposed to
having to add a new API that not much software would be using.  (To
be clear, I think that changing SSL_CTX_new() to read a systemwide
config file is inconsistent with our API stability policy for dot
releases.)  This is perhaps complicated by the interplay with #2397,
which also wants to extend SSL_CTX_new() for sharing session caches
between SSL_CTXes.  (This behavior inherently requires a new API.)

-Ben
___
openssl-project mailing list
openssl-project@openssl.org
https://mta.openssl.org/mailman/listinfo/openssl-project

Re: [openssl-project] Next release is beta1

2018-03-04 Thread Kurt Roeckx 
On Sun, Mar 04, 2018 at 02:44:01PM +, Salz, Rich wrote:
> I also intend to merge the config file .include PR (5351), and I want us to 
> decide about 4848.

I have to agree that I want to resolv 4848 (reading config file to
select things like supported ciphers.)

An other important change is related to cipher selection and TLS
1.3, not sure what the status there is.

There is also still work going on related to the DRBG API.


Kurt

___
openssl-project mailing list
openssl-project@openssl.org
https://mta.openssl.org/mailman/listinfo/openssl-project

Re: [openssl-project] Next release is beta1

2018-03-04 Thread Salz, Rich 
Kurt raises an excellent point.

I want this in the release:
https://github.com/openssl/openssl/pull/5438

I want discussion about these two, hopefully concluding that they be in the 
release:
https://github.com/openssl/openssl/pull/5326
https://github.com/openssl/openssl/pull/5320

On 3/4/18, 7:57 AM, "Kurt Roeckx"  wrote:

On Fri, Mar 02, 2018 at 11:09:30AM +, Matt Caswell wrote:
> Just a reminder, in case anyone missed it, that our next planned release
> on 13th March is beta1. This means we will be calling a feature freeze
> for 1.1.1 and we will create the new branch. If you've got any
> outstanding feature PRs that you want in for 1.1.1 - then now is the
> time to get them finished off!

The other option is that we delay going to beta, but then people
would need to speak up now about what they would like to see
happen before going to beta.


Kurt

___
openssl-project mailing list
openssl-project@openssl.org
https://mta.openssl.org/mailman/listinfo/openssl-project


___
openssl-project mailing list
openssl-project@openssl.org
https://mta.openssl.org/mailman/listinfo/openssl-project

Re: [openssl-project] Next release is beta1

2018-03-04 Thread Kurt Roeckx 
On Fri, Mar 02, 2018 at 11:09:30AM +, Matt Caswell wrote:
> Just a reminder, in case anyone missed it, that our next planned release
> on 13th March is beta1. This means we will be calling a feature freeze
> for 1.1.1 and we will create the new branch. If you've got any
> outstanding feature PRs that you want in for 1.1.1 - then now is the
> time to get them finished off!

The other option is that we delay going to beta, but then people
would need to speak up now about what they would like to see
happen before going to beta.


Kurt

___
openssl-project mailing list
openssl-project@openssl.org
https://mta.openssl.org/mailman/listinfo/openssl-project