[openssl-dev] please make clear on website that 1.1.0e is Development release, not GA / Production release

William A Rowe Jr wrowe at rowe-clan.net
Wed Mar 29 20:01:55 UTC 2017

On Mon, Mar 20, 2017 at 5:41 PM, Jason Vas Dias
<jason.vas.dias at gmail.com> wrote:
> Hi - much thanks for many years of great OpenSSL releases,
> but this 1.1.0 branch, IMHO, should not be put above the 1.0.2k
> release on the website as the 'latest / best OpenSSL release' - this just
> wastes everybody's time .  No using software can use this release,
> such as the latest releases of OpenSSH,  ISC BIND (named) / ISC DHCP,  ntpd
> (... the list can go on and on - does the latest httpd  compile with it? )
>  without major restructuring .

Just to add to your list, Apache httpd 2.4.26 will support 1.1.0 (and those
patches are already on the 2.4 development branch.)

That said, 1.1.0 is the latest, and most complete (best) implementation.
That information was not incorrect.

Perhaps the team could add "most widely adopted" to the description of 1.0.2
for the time being, until the released sources of many common tools do adopt
the necessary API changes? But that really isn't the OpenSSL project's issue.

The Apache httpd project is also looking at how to efficiently adopt PCRE 10,
which is *long* established as the best/current software since a refactoring
some years ago, and somewhat similarly neglected by consuming projects.
It is not the OSS author's job to strong-arm downstream (e.g. dependent)
projects, but simply to provide the best OSS they can. When it breaks you
get to keep every line of source code.

More information about the openssl-dev mailing list