[openssl-project] 1.1.1 Release criteria update

Matt Caswell matt at openssl.org
Thu Aug 2 11:01:22 UTC 2018

A quick update on the status of the 1.1.1 release criteria:

- All open github issues/PRs older than 2 weeks at the time of release
to be assessed for relevance to 1.1.1. Any flagged with the 1.1.1
milestone to be closed

We have 5 open issues (4 of which were opened within the last 2 weeks).
The most significant one is the PSK reuse issue. If we decide to make a
change then there is a PR there ready and waiting. All we really need to
do is decide whether to make that change or not. We've been waiting on
the TLS WG to make its mind up on what advice it's going to put into the
RFC on this. We also need to make a decision on what we will do about
the TLSv1.3 downgrade protection issue (with "do nothing" a possibility).

We also have 5 open PRs. One of these is blocked on the publication of
the RFC, and another is blocked on a decision being made on PSK reuse.
The other 3 are all in active development and I expect to see them
merged or closed very soon. Only the PR blocked on the RFC publication
is older than 2 weeks.

- Clean builds in Travis and Appveyor for two days

Status: Both Travis and Appveyor are currently green

- run-checker.sh to be showing as clean 2 days before release

Status: There has been one recent issue, but that should have been fixed
yesterday. I've not seen any run-checker reports since then.

- No open Coverity issues (not flagged as "False Positive" or "Ignore")

Status: There are no open issues not flagged as ignore

- TLSv1.3 RFC published (with at least one beta release after the

Status: The RFC has been imminent for a long time. The latest smoke
signals indicate that it is now imminently imminent :-)

My summary is that I think we are in a good place for the 1.1.1 release.
Once the PSK wording in the RFC is decided we should seek to make a
decision on the PSK reuse issue quickly. With that resolved and the RFC
published we should be able to get another beta release out quickly
afterwards. Assuming there are no significant issues raised during that
beta cycle I am hopeful we can get the 1.1.1 release out the door 2
weeks or so later.


More information about the openssl-project mailing list