[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: OpenSSL 1.1.0

Quoting Adrian Bunk (2016-11-14 23:16:14)
> On Mon, Nov 14, 2016 at 07:10:00PM +0000, Niels Thykier wrote:
>> Marco d'Itri:
>>> On Nov 14, Lisandro Damián Nicanor Pérez Meyer <perezmeyer@gmail.com> wrote:
>>>> And yes, I would step back and switch libssl-dev to provide 
>>>> libssl1.0-dev and have libssl1.1-dev around for anyone who can 
>>>> really do the switch.
>>> I would not: OpenSSL 1.0 does not support ChaCha20 so it would be a 
>>> very bad default for next year's release.
>>> Bad enough that I would have to use a different distribution for 
>>> some web servers.
[...]
> For Apache, the choices available are:
> 1. no ChaCha20 in Apache in stretch
> 2. move the stretch release schedule by 6-12 months to have
>    only OpenSSL 1.1 in stretch
> 3. apply ChaCha20 patches to OpenSSL 1.0.2

4. use libapache2-mod-gnutls?

 - Jonas

-- 
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/

 [x] quote me freely  [ ] ask before reusing  [ ] keep private
Reply to: