Re: [openssl-users] TLS 1.3 and the release
PGNet Dev wrote: >> I'm just dealing with trying to get openssl 1.1.0 to get installed on Ubuntu >> bionic. Yes, there is a package, but all the other packages depend upon >> 1.0.x and many things are linking against 1.0.x rather than 1.1, when >> both are installed... I don't know why they build stuff against 1.0.x >> rather than 1.1.0: I think it's a packaging oops. > In the "I'm guessing this is NOT news to anyone HERE" category No kidding. If we want to push making TLS available 1.3, then we need to do some remedial work where. > Even the packages that DO 'build against' 1.1.0 frequently do so by banking > on deprecated symbols made possible by lazy (imo) api-compat usage. I found that libssl-dev was not upgraded from 1.0.0 version to 1.1.0 version when I did the dist-upgrade. Once I flushed that, I could then rebuild things like ruby (and it's openssl module) against 1.1.0 correctly, and *THEN* re-install libssl1.0 to make openssh happy. > Packagers are frequently NOT cleaning up their openssl version-check logic, > and cleaning out old-/deprecated- symbols. In my experience, most seem not > to be interested, either; instead, the response mantra to entreaties about > clean/modern "--api=1.1.0" compatibility is "that's not what the distros > provide; just use that". +1. signature.asc Description: PGP signature -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] TLS 1.3 and the release
I'm just dealing with trying to get openssl 1.1.0 to get installed on Ubuntu bionic. Yes, there is a package, but all the other packages depend upon 1.0.x and many things are linking against 1.0.x rather than 1.1, when both are installed... I don't know why they build stuff against 1.0.x rather than 1.1.0: I think it's a packaging oops. In the "I'm guessing this is NOT news to anyone HERE" category Even the packages that DO 'build against' 1.1.0 frequently do so by banking on deprecated symbols made possible by lazy (imo) api-compat usage. Packagers are frequently NOT cleaning up their openssl version-check logic, and cleaning out old-/deprecated- symbols. In my experience, most seem not to be interested, either; instead, the response mantra to entreaties about clean/modern "--api=1.1.0" compatibility is "that's not what the distros provide; just use that". -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] TLS 1.3 and the release
Salz, Rich via openssl-users wrote: > You probably know by now that TLS 1.3 was just released as RFC 8446; > https://www.rfc-editor.org/info/rfc8446 This note is just trying to > forestall a number of question threads. > Our release plan called for one final beta (there were various > draft-interop things to take out and some other little nits) and then > the official release. We have had no discussion of changing that plan. SUPER DUPER There are a bunch of non-openssl-project issues that are gonna need some coordination if we are gonna get TLS 1.3 out there better. I'm just dealing with trying to get openssl 1.1.0 to get installed on Ubuntu bionic. Yes, there is a package, but all the other packages depend upon 1.0.x and many things are linking against 1.0.x rather than 1.1, when both are installed... I don't know why they build stuff against 1.0.x rather than 1.1.0: I think it's a packaging oops. The story is worse for Xenial, on which many containers are presently based. Debian jessie/stretch and Devuan jessie/ascii might be in better situation, or maybe my observations of them are tainted by having installed from source. I realize that this is "not your problem", but I want to suggest that we open an Issue now in order to attract google hits so that it can be coordinated. In particular there are dozens of ubuntu PPAs that have rebuilds of openssl + XYZ, but 3/4 of them are stale... it would be nice to nominate a non-lame "winner" I can open such an Issue if you like. -- ] Never tell me the odds! | ipv6 mesh networks [ ] Michael Richardson, Sandelman Software Works| network architect [ ] m...@sandelman.ca http://www.sandelman.ca/| ruby on rails[ signature.asc Description: PGP signature -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
