[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

OpenSSL 1.1.0


I just uploaded OpenSSL 1.1.0 to unstable. There are still many
packages that fail to build using OpenSSL 1.1.0. For most packages
it should be easy to migrate 1.1.0. The most common problems when
going to OpenSSL 1.1.0 are:
- configure trying to detect a function that's now a macro.
- Accessing members of structures that have now become opaque. You
  now need to use function to get or set them.

The changes required are ussually very easy and do not take a long
time to implement.

Many upstream projects have already done the work or are working
on it. Fedora is also doing the OpenSSL 1.1.0 migration. So both
places are a good place to look at to see if they have already
done the work.

There might also be packages for which the changes are more
involved and that can't be fixed in time for the release. If you
want to stay with OpenSSL 1.0.2 you need to change your Build-Depends
from libssl-dev to libssl1.0-dev.

I would like to encourage that at least the packages that are
making use of libssl and not just libcrypto move to OpenSSL 1.1.0
because it contains important new features. It adds support for
among other things of:
- Extended master secret: This fixes the triple handshake problem
  in TLS.
- Chacha20-poly1305
- X25519

If you have any problems feel free to contact us.


Attachment: signature.asc
Description: PGP signature

Reply to: