Your message dated Sun, 26 Feb 2017 18:15:48 +0100 with message-id <20170226181548.69c3036d.baptiste@mailoo.org> and subject line Re: Bug#855331: release-notes: add a little something about openssl has caused the Debian Bug report #855331, regarding release-notes: add a little something about openssl to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.) -- 855331: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=855331 Debian Bug Tracking System Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: submit@bugs.debian.org
- Subject: release-notes: add a little something about openssl
- From: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
- Date: Thu, 16 Feb 2017 21:45:16 +0100
- Message-id: <[🔎] 20170216204515.n4foa5cnnwrj5tgx@breakpoint.cc>
Package: release-notes Severity: normal Tags: patch The patch attached contains information about changes in the openssl / libssl package. I added four items, each one of them was reported atleast once as a bug. The "openssl enc" situation was responsible for at least four bug reports and one reported suggested / asked if this is not release-notes. So here I am. While writting this down I was looking what else we had and made a little list. Please look at this and decide if this is worth for release-notes or not. The 3DES / RC4 limitation led to a few reports as well. There are either people using XP or services which offer only 3DES and RC4 (#853730). SebastianIndex: en/issues.dbk =================================================================== --- en/issues.dbk (revision 11362) +++ en/issues.dbk (working copy) @@ -535,6 +535,43 @@ dh_strip manpage for more information</ulink> </para> </section> + + <section id="openssl-issues"> + <title>OpenSSL related changes</title> + <para> + The <command>openssl</command> application expects option arguments before + non-option arguments. For example, this does not work anymore: +<screen> +openssl dsaparam 2048 -out file +</screen> + while this still does: +<screen> +openssl dsaparam -out file 2048 +</screen> + </para> + <para> + The <command>openssl enc</command> command changed the default digest + (used to create the key from passphrase) from MD5 to SHA256. The digest can + be specified with the <command>-md</command> option in case old files need + to be decrypted with newer openssl (or the other way around). + </para> + <para> + The 3DES and RC4 ciphers are no longer available for TLS/SSL communication. + Servers linked against openssl can't offer them and clients can't connect + to servers which offer only those. This means that openssl and Windows XP + share no common cipher. + </para> + <para> + The package <systemitem role="package">libssl-dev</systemitem> provides + header files to compile against openssl 1.1.0. The API changed a lot and + it is possible that the software won't compile anymore. There is an + <ulink url="https://wiki.openssl.org/index.php/1.1_API_Changes">overview of + the changes</ulink>. If you can't update your software, there is also + <systemitem role="package">libssl1.0-dev</systemitem> which provides headers + against openssl 1.0.2. + </para> + </section> + </section> </chapter>
--- End Message ---
--- Begin Message ---
- Cc: 855331-done@bugs.debian.org
- Subject: Re: Bug#855331: release-notes: add a little something about openssl
- From: Baptiste Jammet <baptiste@mailoo.org>
- Date: Sun, 26 Feb 2017 18:15:48 +0100
- Message-id: <20170226181548.69c3036d.baptiste@mailoo.org>
- In-reply-to: <[🔎] 20170216204515.n4foa5cnnwrj5tgx@breakpoint.cc>
- References: <[🔎] 20170216204515.n4foa5cnnwrj5tgx@breakpoint.cc>
Hello, Dixit Sebastian Andrzej Siewior, le 16/02/2017 : >The patch attached contains information about changes in the openssl / >libssl package. I added four items, each one of them was reported >atleast once as a bug. Applied as is, thanks. BaptisteAttachment: pgpwEV2doH9s4.pgp
Description: OpenPGP digital signature
--- End Message ---