
Re: openssl 1.1.1 in stretch backports?



On 1/11/19 10:23 PM, Benjamin Kaduk wrote:
> On Fri, Jan 11, 2019 at 01:56:35PM +0100, Harald Dunkel wrote:
>
>> Is it possible to use openssl 1.1.1 as a drop-in replacement for
>> 1.1.0?
>
> Well ... mostly.  It's *supposed* to be, but there are some places where
> behavior had to change to get TLS 1.3 support, and some of those changes
> are on the boundary of "breaks functioning code" and "your code was doing
> unsupported/undocumented things".  (Unfortunately, I don't have any
> examples off the top of my head.)


If there are important changes (like introducing TLS 1.3 or others,
modifying the API), isn't it customary to change the SONAME, making sure
that shared objects for old and new API can be installed in parallel?


Regards
Harri

