Big ACK from the security team. We would like to see this backported into bionic at some point and having it in cosmic first would allow us to identify and fix any issues.
-- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/1793092 Title: [FFe] openssl 1.1.1 Status in openssl package in Ubuntu: New Bug description: Merge openssl 1.1.1 from debian unstable. OpenSSL 1.1.1 is now out, with TLS1.3 support, and is the new upstream LTS release. Preserving existing delta: - Replace duplicate files in the doc directory with symlinks. - debian/libssl1.1.postinst: + Display a system restart required notification on libssl1.1 upgrade on servers. + Use a different priority for libssl1.1/restart-services depending on whether a desktop, or server dist-upgrade is being performed. With further changes to diverge from Debian to: - Revert "Enable system default config to enforce TLS1.2 as a minimum" & "Increase default security level from 1 to 2". - Further decrease security level from 1 to 0, for compatibility with openssl 1.0.2. These mitigate most of the runtime incompatibilities, and ensure client<->server compatibility between 1.1.1, 1.1.0, and 1.0.2 series and thus one can continue to mix & match xenial/bionic/cosmic releases. Proposed package is in https://launchpad.net/~xnox/+archive/ubuntu/openssl with a rebuild of all the reverse dependencies. It demonstrates that openssl compiled as above is more compatible and has less issues than debian config, and has only a small fallout which is being analyzed right now. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1793092/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
