** Description changed: [Impact] - * OpenSSL 1.1.1 is an LTS release upstream, which will continue to + * OpenSSL 1.1.1 is an LTS release upstream, which will continue to receive security support for much longer than 1.1.0 series will. - * OpenSSL 1.1.1 comes with support for TLS v1.3 which is expected to be + * OpenSSL 1.1.1 comes with support for TLS v1.3 which is expected to be rapidly adopted due to increased set of supported hashes & algoes, as well as improved handshake [re-]negotiation. - * OpenSSL 1.1.1 comes with improved hw-acceleration capabilities. + * OpenSSL 1.1.1 comes with improved hw-acceleration capabilities. - * OpenSSL 1.1.1 is ABI/API compatible with 1.1.0, however some software + * OpenSSL 1.1.1 is ABI/API compatible with 1.1.0, however some software is sensitive to the negotiation handshake and may either need patches/improvements or clamp-down to maximum v1.2. - [Test Case] - * Rebuild all reverse dependencies + * Rebuild all reverse dependencies - * Execute autopkg tests for all of them + * Execute autopkg tests for all of them - * Clamp down to TLS v1.2 software that does not support TLS v1.3 (e.g. mongodb) - - * Backport TLS v1.3 support patches, where applicable + * Clamp down to TLS v1.2 software that does not support TLS v1.3 (e.g. + mongodb) + + * Backport TLS v1.3 support patches, where applicable [Regression Potential] - * Connectivity interop is the biggest issues which will be unavoidable + * Connectivity interop is the biggest issues which will be unavoidable with introducing TLS v1.3. However, tests on cosmic demonstrate that curl/nginx/google-chrome/mozilla-firefox connect and negotiate TLS v1.3 without issues. - * Mitigation of discovered connectivity issues will be possible by + * Mitigation of discovered connectivity issues will be possible by clamping down to TLS v1.2 in either server-side or client-side software or by backporting relevant support fixes + [Other Info] - [Other Info] - - * Previous FFe for OpenSSL in 18.10 is at - https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1793092 + * Previous FFe for OpenSSL in 18.10 is at + https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1793092 - * TLS v1.3 support in NSS is expected to make it to 18.04 via security + * TLS v1.3 support in NSS is expected to make it to 18.04 via security updates - * TLS v1.3 support in GnuTLS is expected to be available in 19.04 + * TLS v1.3 support in GnuTLS is expected to be available in 19.04 + + * Test OpenSSL is being prepared in + https://launchpad.net/~ci-train-ppa-service/+archive/ubuntu/3473
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1797386 Title: [SRU] OpenSSL 1.1.1 to 18.04 LTS To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1797386/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
