
Bug#855331: marked as done (release-notes: add a little something about openssl)

Your message dated Sun, 26 Feb 2017 18:15:48 +0100
with message-id <20170226181548.69c3036d.baptiste@mailoo.org>
and subject line Re: Bug#855331: release-notes: add a little something about openssl
has caused the Debian Bug report #855331,
regarding release-notes: add a little something about openssl
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org

855331: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=855331
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: release-notes
Severity: normal
Tags: patch

The patch attached contains information about changes in the openssl /
libssl package. I added four items, each one of them was reported
at least once as a bug.
The "openssl enc" situation was responsible for at least four bug
reports and one reporter suggested / asked if this is not release-notes.
So here I am.  While writing this down I was looking what else we had
and made a little list. Please look at this and decide if this is worth
for release-notes or not.
The 3DES / RC4 limitation led to a few reports as well. There are either
people using XP or services which offer only 3DES and RC4 (#853730).

Index: en/issues.dbk
--- en/issues.dbk	(revision 11362)
+++ en/issues.dbk	(working copy)
@@ -535,6 +535,43 @@
       dh_strip manpage for more information</ulink>
+  <section id="openssl-issues">
+    <title>OpenSSL related changes</title>
+    <para>
+      The <command>openssl</command> application expects option arguments before
+      non-option arguments. For example, this does not work anymore:
+openssl dsaparam 2048 -out file
+      while this still does:
+openssl dsaparam -out file 2048
+    </para>
+    <para>
+      The <command>openssl enc</command> command changed the default digest
+      (used to create the key from passphrase) from MD5 to SHA256. The digest can
+      be specified with the <command>-md</command> option in case old files need
+      to be decrypted with newer openssl (or the other way around).
+    </para>
+    <para>
+      The 3DES and RC4 ciphers are no longer available for TLS/SSL communication.
+      Servers linked against openssl can't offer them and clients can't connect
+      to servers which offer only those. This means that openssl and Windows XP
+      share no common cipher.
+    </para>
+    <para>
+      The package <systemitem role="package">libssl-dev</systemitem> provides
+      header files to compile against openssl 1.1.0. The API changed a lot and
+      it is possible that the software won't compile anymore. There is an
+      <ulink url="https://wiki.openssl.org/index.php/1.1_API_Changes";>overview of
+      the changes</ulink>. If you can't update your software, there is also
+      <systemitem role="package">libssl1.0-dev</systemitem> which provides headers
+      against openssl 1.0.2.
+    </para>
+  </section>
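
Review bot: The "openssl enc" paragraph names the -md option but not the value a reader has to pass, which is the part the reports were about. Since the old default is stated as MD5 and the new one as SHA256, suggest spelling out both directions: files written by the older openssl decrypt on the new one with "-md md5", and files written with the new default need "-md sha256" on the older one. In the same paragraph -md is tagged <command> although it is an option, so <option>-md</option> would be the better markup. Two smaller points on the visible lines: the two "openssl dsaparam" example invocations sit as bare text inside the <para> and will reflow into the sentence unless wrapped in <screen> or <programlisting>, and the <ulink> in the last paragraph has a stray ";" between the closing quote of the url attribute and ">", which is not well-formed XML.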

--- End Message ---
--- Begin Message ---

Sebastian Andrzej Siewior wrote, on 16/02/2017:

>The patch attached contains information about changes in the openssl /
>libssl package. I added four items, each one of them was reported
>at least once as a bug.

Applied as is, thanks.



--- End Message ---
