I talked with Alex of the security Team.
Here the TL;DR summary:
- security would prefer and be +1 on enabling TLSv1.3 in haproxy in Bionic
- Server team is ok as well, while it is a feature addition it seems not to
take away any
- thereby it would fall under the third section of [1] "add features without
affecting existing
features"
- In case the SRU Team "nacks" this upload then instead we should prepare and
upload a change to
"avoid to enable TLSv1.3 by accident"
I checked later releases, >=Disco are already built with the new version
so no other than Bionic would need to be changed.
[1]: https://wiki.ubuntu.com/StableReleaseUpdates#Other_safe_cases
** Changed in: haproxy (Ubuntu)
Status: Confirmed => Triaged
** Also affects: haproxy (Ubuntu Bionic)
Importance: Undecided
Status: New
** Changed in: haproxy (Ubuntu Bionic)
Status: New => Triaged
** Changed in: haproxy (Ubuntu)
Status: Triaged => Fix Released
** Changed in: haproxy (Ubuntu Bionic)
Importance: Undecided => Medium
** Changed in: haproxy (Ubuntu Bionic)
Assignee: (unassigned) => Christian Ehrhardt (paelzer)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1841936
Title:
Rebuild haproxy with openssl 1.1.1 will change features (bionic)
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/haproxy/+bug/1841936/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
