[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Latest openssl 1.0.2 for Jessie backports


I uploaded openssl_1.0.2l-1~bpo8+1 to jessie backports which got
rejected because this version is not in stable. The stretch backports
announcement said "From time to time … please talk to us on the list
**before** upload the package.". So technically it is after but here I
am :)
In stable we have the source package openssl which contains the 1.1
branch of openssl and the source package openssl1.0 which contains the
1.0.2 branch of openssl. For Jessie backports we would need to keep
uploading the 1.0.2 branch as the openssl package.
It is the same upstream source as in the openssl1.0 package.  The
package is not identical to the openssl1.0 source package for a few
- in backports we need to provide a different binary package for the
  library (libssl1.0.2 vs libssl1.0.0) 
- we also need to provide the openssl binary package (which is not
  provided by the openssl1.0 source package but by openssl in stable).
- in stable we disable RC4 and 3DES from the SSL suite. We can't do this
  for Jessie because people will come screaming (they did after the
  change made it to Stretch).

This backport is meant as a drop-in replacement for openssl package in
Jessie which provides additional features like ALPN (used by nginx bpo).


Reply to: