The libio-socket-ssl-perl debdiff includes the following changes to upstream tests:
(t/ecdhe.t) + my $protocol = $to_server->get_sslversion; + if ($protocol eq 'TLSv1_3') { + # <https://www.openssl.org/blog/blog/2017/05/04/tlsv1.3/> + ok("# SKIP TLSv1.3 doesn't advertize key exchange in a chipher name"); + } else { (t/npn.t) + SSL_version => 'SSLv23:!TLSv1_3', # NPN does not exist in TLSv1.3 + # https://github.com/openssl/openssl/issues/3665 (t/session_ticket.t) + # FIXME - add session ticket support for TLS 1.3 too + SSL_version => 'SSLv23:!TLSv1_3', [...] +# FIXME: TLSv1.3 requires to use SSL_CTX_sess_set_new_cb() by clients instead +# of SSL_get1_session(). Missing from Net::SSLeay. Please discuss / account for the impact of these interface changes on the reverse-dependencies of libio-socket-ssl-perl as part of this SRU. AFAIK there have not been any specific rebuild etc. tests with the new version of libio-socket-ssl-perl as part of this transition. There will be autopkgtest results, which may or may not be comprehensive. If you expect these autopkgtests to be sufficient guard against regression in Ubuntu, please document why in the SRU bug. Also please quantify/characterize the risk of regression to third-party software deployed on bionic using libio-socket-ssl-perl in the face of these interface changes, and if you believe that risk of regression is acceptable, explain why. Finally, please explain why this SRU introduces a hard-coded build- dependency (and runtime dependency) on libssl1.1 instead of this being resolved through shlibdeps or -dev package dependencies. ** Bug watch added: github.com/openssl/openssl/issues #3665 https://github.com/openssl/openssl/issues/3665 ** Changed in: libio-socket-ssl-perl (Ubuntu Bionic) Status: New => Incomplete -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1797386 Title: [SRU] OpenSSL 1.1.1 to 18.04 LTS To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1797386/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs