From matt at openssl.org Mon Nov 5 14:47:50 2018 From: matt at openssl.org (Matt Caswell) Date: Mon, 5 Nov 2018 14:47:50 +0000 Subject: [openssl-project] Monthly Status Report (October) Message-ID: As well as normal reviews, responding to user queries, wiki user requests, OMC business, handling security reports, etc., key activities this month: - Ongoing work on the Design documentation for the FIPS release - Fixed some coverity issues - Fixed BIO callback return code handling - Fixed an issue with DTLSv1_listen() which was leaving messages on the underlying fd causing application level issues - Developed a Configure option "no-atexit" (not yet merged) - Fixed the EVP_PKEY_CTX_set_rsa_pss_keygen_md macro - Fixed an issue with the client certificate callback in TLSv1.3 - Fixed a DTLS issue with duplicated messages coming from the next epoch - Reviewing the CMP code - Removed the artificial limit on the size of the ClientHello - Fixed a DTLS memory leak - Investigated tls_cbc_digest_record issues - Fixed an issue in s_server when the identity is unknown - Fixed an issue where we negotiated TLSv1.3 even though our certificate is not TLSv1.3 capable - Fixed an issue where we use_ecc() was returning 1 due to TLSv1.3 ciphersuites - even though those ciphersuites were disabled. - Fixed an issue where HKDF state was not reset between runs - Fixed ca_names handling to have separate behaviour on the client and server to avoid sending overly large ClientHellos - Reviewing the Kernel TLS code - Reviewing SRP documentation updates Matt From matt at openssl.org Thu Nov 8 13:21:32 2018 From: matt at openssl.org (Matt Caswell) Date: Thu, 8 Nov 2018 13:21:32 +0000 Subject: [openssl-project] 1.1.1a milestone status Message-ID: <81f1aa11-36bc-9b23-f688-8738eb6fd729@openssl.org> There are currently 5 PRs and 1 issue with the 1.1.1a milestone set against them. Of the 5 PRs, 3 are in the ready state: 7462: Test: link drbgtest statically against libcrypto 7437: rand_unix.c: open random devices on first use only 7391: Unbreak SECLEVEL 3 regression causing it to not accept any ciphers. 2 PRs are still in review: 7442: Don't negotiate TLSv1.3 if our EC cert isn't TLSv1.3 capable 7503: Separate ca_names handling for client and server The one 1.1.1a issue (7419) will be closed as soon as 7437 gets pushed. It would be great if we could get the 3 PRs that are ready pushed, and the other 2 reviewed in the next day or two to enable us to do a release soon. Matt From Matthias.St.Pierre at ncp-e.com Thu Nov 8 13:41:55 2018 From: Matthias.St.Pierre at ncp-e.com (Dr. Matthias St. Pierre) Date: Thu, 8 Nov 2018 13:41:55 +0000 Subject: [openssl-project] 1.1.1a milestone status In-Reply-To: <81f1aa11-36bc-9b23-f688-8738eb6fd729@openssl.org> References: <81f1aa11-36bc-9b23-f688-8738eb6fd729@openssl.org> Message-ID: <0a61cc4b1f4e463b953a7da9b4817858@Ex13.ncp.local> I'll merge 7462 and 7437 later today. Matthias FYI: there is a direct link to the milestone https://github.com/openssl/openssl/milestone/13 > -----Urspr?ngliche Nachricht----- > Von: openssl-project Im Auftrag von Matt Caswell > Gesendet: Donnerstag, 8. November 2018 14:22 > An: openssl-project at openssl.org > Betreff: [openssl-project] 1.1.1a milestone status > > There are currently 5 PRs and 1 issue with the 1.1.1a milestone set > against them. > > Of the 5 PRs, 3 are in the ready state: > > 7462: Test: link drbgtest statically against libcrypto > 7437: rand_unix.c: open random devices on first use only > 7391: Unbreak SECLEVEL 3 regression causing it to not accept any ciphers. > > 2 PRs are still in review: > 7442: Don't negotiate TLSv1.3 if our EC cert isn't TLSv1.3 capable > 7503: Separate ca_names handling for client and server > > The one 1.1.1a issue (7419) will be closed as soon as 7437 gets pushed. > > It would be great if we could get the 3 PRs that are ready pushed, and > the other 2 reviewed in the next day or two to enable us to do a release > soon. > > Matt > _______________________________________________ > openssl-project mailing list > openssl-project at openssl.org > https://mta.openssl.org/mailman/listinfo/openssl-project From matt at openssl.org Thu Nov 8 16:24:00 2018 From: matt at openssl.org (Matt Caswell) Date: Thu, 8 Nov 2018 16:24:00 +0000 Subject: [openssl-project] 1.1.1a milestone status In-Reply-To: <15a5adf622a6abb87497644567bca8e50283e59b.camel@infradead.org> References: <81f1aa11-36bc-9b23-f688-8738eb6fd729@openssl.org> <15a5adf622a6abb87497644567bca8e50283e59b.camel@infradead.org> Message-ID: <9d76fdc4-b23a-aa27-83fb-2e4afb2ecf10@openssl.org> On 08/11/2018 13:35, David Woodhouse wrote: > On Thu, 2018-11-08 at 13:21 +0000, Matt Caswell wrote: >> There are currently 5 PRs and 1 issue with the 1.1.1a milestone set >> against them. >> >> Of the 5 PRs, 3 are in the ready state: >> >> 7462: Test: link drbgtest statically against libcrypto >> 7437: rand_unix.c: open random devices on first use only >> 7391: Unbreak SECLEVEL 3 regression causing it to not accept any ciphers. >> >> 2 PRs are still in review: >> 7442: Don't negotiate TLSv1.3 if our EC cert isn't TLSv1.3 capable >> 7503: Separate ca_names handling for client and server >> >> The one 1.1.1a issue (7419) will be closed as soon as 7437 gets pushed. >> >> It would be great if we could get the 3 PRs that are ready pushed, and >> the other 2 reviewed in the next day or two to enable us to do a release >> soon. > > I'd quite like at least the bug-fix parts of > https://github.com/openssl/openssl/pull/7408 to be in the next stable > releases too. Without that we can't establish TLS sessions using keys > from the TPM engine. > I'm not sure its worth holding up the release for those fixes. But if they can be done in time then I have no objection to them going in. Matt From levitte at openssl.org Mon Nov 12 10:33:23 2018 From: levitte at openssl.org (Richard Levitte) Date: Mon, 12 Nov 2018 11:33:23 +0100 (CET) Subject: [openssl-project] QUIC, again Message-ID: <20181112.113323.260349601387601601.levitte@openssl.org> QUIC was mentioned a little more than a year ago. Since then, it seems that the drafts have moved forward with quite some speed: https://tools.ietf.org/html/draft-ietf-quic-transport-16 https://tools.ietf.org/html/draft-ietf-quic-tls-16 https://tools.ietf.org/html/draft-ietf-quic-recovery-16 There seems to be an effort to have the next major HTTP version be based on QUIC, at least if this blog is any indication: https://daniel.haxx.se/blog/2018/11/11/http-3/ So the question is, should we start taking a closer look? Last time, it seems like the discussions were cautiously positive, but never reached a conclusion. Thoughts? Anyone feeling enthusiastic and want to do something? Cheers, Richard -- Richard Levitte levitte at openssl.org OpenSSL Project http://www.openssl.org/~levitte/ -------------- next part -------------- An embedded message was scrubbed... From: Matt Caswell Subject: [openssl-dev] QUIC Date: Wed, 6 Sep 2017 23:24:00 +0100 Size: 5136 URL: From levitte at openssl.org Mon Nov 12 10:34:20 2018 From: levitte at openssl.org (Richard Levitte) Date: Mon, 12 Nov 2018 11:34:20 +0100 (CET) Subject: [openssl-project] QUIC, again In-Reply-To: <20181112.113323.260349601387601601.levitte@openssl.org> References: <20181112.113323.260349601387601601.levitte@openssl.org> Message-ID: <20181112.113420.257715327881790691.levitte@openssl.org> For those wanting to follow what's happening in QUIC space, this is a good place to start: https://datatracker.ietf.org/wg/quic/about/ In message <20181112.113323.260349601387601601.levitte at openssl.org> on Mon, 12 Nov 2018 11:33:23 +0100 (CET), Richard Levitte said: > QUIC was mentioned a little more than a year ago. Since then, it > seems that the drafts have moved forward with quite some speed: > > https://tools.ietf.org/html/draft-ietf-quic-transport-16 > https://tools.ietf.org/html/draft-ietf-quic-tls-16 > https://tools.ietf.org/html/draft-ietf-quic-recovery-16 > > There seems to be an effort to have the next major HTTP version be > based on QUIC, at least if this blog is any indication: > > https://daniel.haxx.se/blog/2018/11/11/http-3/ > > So the question is, should we start taking a closer look? Last time, > it seems like the discussions were cautiously positive, but never > reached a conclusion. > > Thoughts? Anyone feeling enthusiastic and want to do something? > > Cheers, > Richard > > -- > Richard Levitte levitte at openssl.org > OpenSSL Project http://www.openssl.org/~levitte/ > From kaduk at mit.edu Mon Nov 12 16:52:03 2018 From: kaduk at mit.edu (Benjamin Kaduk) Date: Mon, 12 Nov 2018 10:52:03 -0600 Subject: [openssl-project] QUIC, again In-Reply-To: <20181112.113420.257715327881790691.levitte@openssl.org> References: <20181112.113323.260349601387601601.levitte@openssl.org> <20181112.113420.257715327881790691.levitte@openssl.org> Message-ID: <20181112165203.GC99562@kduck.kaduk.org> Between last time we discussed it and now, waiting seems to have been prudent, as the TLS/QUIC interaction got significantly revamped. The current QUIC drafts have TLS exporting key material and plaintext handshake messages, with QUIC record protection used on the wire and not TLS record protection. There is a huge amount of interest in QUIC at the IETF, and we will need to support it eventually. But that may be best as limited to exposing the needed APIs and not necessarily pulling in a full QUIC implementation -- I haven't thought about that question very much. I don't think I would have the team as a whole prioritize QUIC over FIPS, though it may be worth someone taking an initial look at what would be needed. -Ben On Mon, Nov 12, 2018 at 11:34:20AM +0100, Richard Levitte wrote: > For those wanting to follow what's happening in QUIC space, this is a > good place to start: https://datatracker.ietf.org/wg/quic/about/ > > In message <20181112.113323.260349601387601601.levitte at openssl.org> on Mon, 12 Nov 2018 11:33:23 +0100 (CET), Richard Levitte said: > > > QUIC was mentioned a little more than a year ago. Since then, it > > seems that the drafts have moved forward with quite some speed: > > > > https://tools.ietf.org/html/draft-ietf-quic-transport-16 > > https://tools.ietf.org/html/draft-ietf-quic-tls-16 > > https://tools.ietf.org/html/draft-ietf-quic-recovery-16 > > > > There seems to be an effort to have the next major HTTP version be > > based on QUIC, at least if this blog is any indication: > > > > https://daniel.haxx.se/blog/2018/11/11/http-3/ > > > > So the question is, should we start taking a closer look? Last time, > > it seems like the discussions were cautiously positive, but never > > reached a conclusion. > > > > Thoughts? Anyone feeling enthusiastic and want to do something? > > > > Cheers, > > Richard > > > > -- > > Richard Levitte levitte at openssl.org > > OpenSSL Project http://www.openssl.org/~levitte/ > > > _______________________________________________ > openssl-project mailing list > openssl-project at openssl.org > https://mta.openssl.org/mailman/listinfo/openssl-project From matt at openssl.org Mon Nov 12 17:05:31 2018 From: matt at openssl.org (Matt Caswell) Date: Mon, 12 Nov 2018 17:05:31 +0000 Subject: [openssl-project] OpenSSL Security Advisory Message-ID: <86b66671-8508-d720-416a-b4efd58c34bd@openssl.org> OpenSSL Security Advisory [12 November 2018] ============================================ Microarchitecture timing vulnerability in ECC scalar multiplication (CVE-2018-5407) =================================================================================== Severity: Low OpenSSL ECC scalar multiplication, used in e.g. ECDSA and ECDH, has been shown to be vulnerable to a microarchitecture timing side channel attack. An attacker with sufficient access to mount local timing attacks during ECDSA signature generation could recover the private key. This issue does not impact OpenSSL 1.1.1 and is already fixed in the latest version of OpenSSL 1.1.0 (1.1.0i). OpenSSL 1.0.2 is affected but due to the low severity of this issue we are not creating a new release at this time. The 1.0.2 mitigation for this issue can be found in commit b18162a7c. OpenSSL 1.1.0 users should upgrade to 1.1.0i. This issue was reported to OpenSSL on 26th October 2018 by Alejandro Cabrera Aldaya, Billy Brumley, Sohaib ul Hassan, Cesar Pereida Garcia and Nicola Tuveri. Note ==== OpenSSL 1.1.0 is currently only receiving security updates. Support for this version will end on 11th September 2019. Users of this version should upgrade to OpenSSL 1.1.1. References ========== URL for this Security Advisory: https://www.openssl.org/news/secadv/20181112.txt Note: the online version of the advisory may be updated with additional details over time. For details of OpenSSL severity classifications please see: https://www.openssl.org/policies/secpolicy.html -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 488 bytes Desc: OpenPGP digital signature URL: From matt at openssl.org Mon Nov 12 17:27:02 2018 From: matt at openssl.org (Matt Caswell) Date: Mon, 12 Nov 2018 17:27:02 +0000 Subject: [openssl-project] 1.1.1a milestone status In-Reply-To: <81f1aa11-36bc-9b23-f688-8738eb6fd729@openssl.org> References: <81f1aa11-36bc-9b23-f688-8738eb6fd729@openssl.org> Message-ID: <972ff29b-f4ea-ae63-4b9c-2fb332dc0b7c@openssl.org> On 08/11/2018 13:21, Matt Caswell wrote: > There are currently 5 PRs and 1 issue with the 1.1.1a milestone set > against them. > > Of the 5 PRs, 3 are in the ready state: > > 7462: Test: link drbgtest statically against libcrypto > 7437: rand_unix.c: open random devices on first use only > 7391: Unbreak SECLEVEL 3 regression causing it to not accept any ciphers. > > 2 PRs are still in review: > 7442: Don't negotiate TLSv1.3 if our EC cert isn't TLSv1.3 capable > 7503: Separate ca_names handling for client and server > > The one 1.1.1a issue (7419) will be closed as soon as 7437 gets pushed. > > It would be great if we could get the 3 PRs that are ready pushed, and > the other 2 reviewed in the next day or two to enable us to do a release > soon. We're now at 3 outstanding PRs - 2 of which are in the "ready" state. The only other outstanding one is: 7596: Fix rpath-related Linux "test_shlibload" failure. Matt From matt at openssl.org Wed Nov 14 13:27:17 2018 From: matt at openssl.org (Matt Caswell) Date: Wed, 14 Nov 2018 13:27:17 +0000 Subject: [openssl-project] Release scheduling Message-ID: There are now no open PRs/issues with the 1.1.1a milestone so I think we should go ahead and do a release. The question is when? I propose next Tuesday (20th), with releases of 1.1.0 and 1.0.2 on the same day. It's been a while since they last had releases so I think its worthwhile doing them at the same time. Thoughts? Matt From levitte at openssl.org Wed Nov 14 13:43:13 2018 From: levitte at openssl.org (Richard Levitte) Date: Wed, 14 Nov 2018 14:43:13 +0100 Subject: [openssl-project] Release scheduling In-Reply-To: References: Message-ID: Only one thought: +1 Matt Caswell skrev: (14 november 2018 14:27:17 CET) >There are now no open PRs/issues with the 1.1.1a milestone so I think >we should >go ahead and do a release. The question is when? I propose next Tuesday >(20th), >with releases of 1.1.0 and 1.0.2 on the same day. It's been a while >since they >last had releases so I think its worthwhile doing them at the same >time. > >Thoughts? > >Matt >_______________________________________________ >openssl-project mailing list >openssl-project at openssl.org >https://mta.openssl.org/mailman/listinfo/openssl-project -- Skickat fr?n min Android-enhet med K-9 Mail. Urs?kta min f?ordighet. From Matthias.St.Pierre at ncp-e.com Wed Nov 14 13:48:28 2018 From: Matthias.St.Pierre at ncp-e.com (Dr. Matthias St. Pierre) Date: Wed, 14 Nov 2018 13:48:28 +0000 Subject: [openssl-project] Release scheduling In-Reply-To: References: Message-ID: +1, in particular for doing a triple release: the 1.0.2 branch has accumulated a lot of substantial bugfixes. (Personally, I am waiting on behalf of my company for Nicola's fix for the crash in FIPS mode https://github.com/openssl/openssl/commit/fff1da43be2236995cdf5ef2f3e2a51be232ba85) Matthias > -----Urspr?ngliche Nachricht----- > Von: openssl-project Im Auftrag von Richard Levitte > Gesendet: Mittwoch, 14. November 2018 14:43 > An: openssl-project at openssl.org > Betreff: Re: [openssl-project] Release scheduling > > Only one thought: +1 > > Matt Caswell skrev: (14 november 2018 14:27:17 CET) > >There are now no open PRs/issues with the 1.1.1a milestone so I think > >we should > >go ahead and do a release. The question is when? I propose next Tuesday > >(20th), > >with releases of 1.1.0 and 1.0.2 on the same day. It's been a while > >since they > >last had releases so I think its worthwhile doing them at the same > >time. > > > >Thoughts? > > > >Matt > >_______________________________________________ > >openssl-project mailing list > >openssl-project at openssl.org > >https://mta.openssl.org/mailman/listinfo/openssl-project > > -- > Skickat fr?n min Android-enhet med K-9 Mail. Urs?kta min f?ordighet. > _______________________________________________ > openssl-project mailing list > openssl-project at openssl.org > https://mta.openssl.org/mailman/listinfo/openssl-project From openssl-users at dukhovni.org Wed Nov 14 16:58:56 2018 From: openssl-users at dukhovni.org (Viktor Dukhovni) Date: Wed, 14 Nov 2018 11:58:56 -0500 Subject: [openssl-project] Release scheduling In-Reply-To: References: Message-ID: <20181114165856.GH4122@straasha.imrryr.org> On Wed, Nov 14, 2018 at 01:27:17PM +0000, Matt Caswell wrote: > There are now no open PRs/issues with the 1.1.1a milestone so I think we should > go ahead and do a release. The question is when? I propose next Tuesday (20th), > with releases of 1.1.0 and 1.0.2 on the same day. It's been a while since they > last had releases so I think its worthwhile doing them at the same time. > > Thoughts? Yes, proceed to release. -- Viktor. From matt at openssl.org Wed Nov 14 18:00:02 2018 From: matt at openssl.org (Matt Caswell) Date: Wed, 14 Nov 2018 18:00:02 +0000 Subject: [openssl-project] Forthcoming OpenSSL Releases Message-ID: <1e00c274-19f7-c862-32fa-2cc53e6b365d@openssl.org> The OpenSSL project team would like to announce the forthcoming release of OpenSSL versions 1.1.1a, 1.1.0j and 1.0.2q. These releases will be made available on 20th November 2018 between approximately 1300-1700 UTC. These are bug-fix releases. They also contain the fixes for three LOW severity security issues CVE-2018-0735, CVE-2018-0734 and CVE-2018-5407 which were previously announced here: https://www.openssl.org/news/secadv/20181029.txt https://www.openssl.org/news/secadv/20181030.txt https://www.openssl.org/news/secadv/20181112.txt CVE-2018-0735 only affects the 1.1.0 branch. CVE-2018-0734 affects the 1.1.1, 1.1.0 and 1.0.2 branches. CVE-2018-5407 affects the 1.0.2 branch. It also affects older 1.1.0 releases before 1.1.0i. Yours The OpenSSL Project Team -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 488 bytes Desc: OpenPGP digital signature URL: From matt at openssl.org Mon Nov 19 16:54:20 2018 From: matt at openssl.org (Matt Caswell) Date: Mon, 19 Nov 2018 16:54:20 +0000 Subject: [openssl-project] Repo frozen Message-ID: <36e4a441-81e3-ac63-bdd8-82bbbbec073b@openssl.org> In preparation for the releases tomorrow the repo has now been frozen. I'll let you know when its available again. Matt From openssl at openssl.org Tue Nov 20 14:17:00 2018 From: openssl at openssl.org (OpenSSL) Date: Tue, 20 Nov 2018 14:17:00 +0000 Subject: [openssl-project] OpenSSL version 1.0.2q published Message-ID: <20181120141700.GA29541@openssl.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 OpenSSL version 1.0.2q released =============================== OpenSSL - The Open Source toolkit for SSL/TLS https://www.openssl.org/ The OpenSSL project team is pleased to announce the release of version 1.0.2q of our open source toolkit for SSL/TLS. For details of changes and known issues see the release notes at: https://www.openssl.org/news/openssl-1.0.2-notes.html OpenSSL 1.0.2q is available for download via HTTP and FTP from the following master locations (you can find the various FTP mirrors under https://www.openssl.org/source/mirror.html): * https://www.openssl.org/source/ * ftp://ftp.openssl.org/source/ The distribution file name is: o openssl-1.0.2q.tar.gz Size: 5345604 SHA1 checksum: 692f5f2f1b114f8adaadaa3e7be8cce1907f38c5 SHA256 checksum: 5744cfcbcec2b1b48629f7354203bc1e5e9b5466998bbccc5b5fcde3b18eb684 The checksums were calculated using the following commands: openssl sha1 openssl-1.0.2q.tar.gz openssl sha256 openssl-1.0.2q.tar.gz Yours, The OpenSSL Project Team. -----BEGIN PGP SIGNATURE----- iQEzBAEBCgAdFiEEhlersmDwVrHlGQg52cTSbQ5gRJEFAlv0D/MACgkQ2cTSbQ5g RJHZwQf/XVVXUUPD6ybAWXzWTAhb4kECMC7ahiEuLwO82IF8dafNNGLWVKU4qD5Q oHCBuHq8UUHPo1s+YeR+3phH0it8xZNUvpDw4BPFlLNkev16+yYJudl2YE9asVep 1Hup97zhSVfF7YS3o4r3TFL6VeAeC0XLHNItIYznldZ7oiI4iCvSH3rZ3Sb3O6lL EpSu3CYqgpbUI09aSZDdwYaUwj7j2KGf3D+U8U+bHY7d47GdvykSk18l1Mt2m/0K 63gDR4Nl+dgkLu6BALuqT79vhkRdiKWV4+e0GhvZPpjpoWBveYY1Q7nkfjy0Sh7j womsen61sS073bbdHZX6LoVuAsQbOw== =WXDE -----END PGP SIGNATURE----- From openssl at openssl.org Tue Nov 20 14:17:19 2018 From: openssl at openssl.org (OpenSSL) Date: Tue, 20 Nov 2018 14:17:19 +0000 Subject: [openssl-project] OpenSSL version 1.1.0j published Message-ID: <20181120141719.GA29594@openssl.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 OpenSSL version 1.1.0j released =============================== OpenSSL - The Open Source toolkit for SSL/TLS https://www.openssl.org/ The OpenSSL project team is pleased to announce the release of version 1.1.0j of our open source toolkit for SSL/TLS. For details of changes and known issues see the release notes at: https://www.openssl.org/news/openssl-1.1.0-notes.html OpenSSL 1.1.0j is available for download via HTTP and FTP from the following master locations (you can find the various FTP mirrors under https://www.openssl.org/source/mirror.html): * https://www.openssl.org/source/ * ftp://ftp.openssl.org/source/ The distribution file name is: o openssl-1.1.0j.tar.gz Size: 5411919 SHA1 checksum: dcad1efbacd9a4ed67d4514470af12bbe2a1d60a SHA256 checksum: 31bec6c203ce1a8e93d5994f4ed304c63ccf07676118b6634edded12ad1b3246 The checksums were calculated using the following commands: openssl sha1 openssl-1.1.0j.tar.gz openssl sha256 openssl-1.1.0j.tar.gz Yours, The OpenSSL Project Team. -----BEGIN PGP SIGNATURE----- iQEzBAEBCgAdFiEEhlersmDwVrHlGQg52cTSbQ5gRJEFAlv0DwoACgkQ2cTSbQ5g RJGaxggAkHnv1uEc/zs/mIRvJDcBi4ITN3Fgeu2CdmbgMhcLXpKKcVAt28f/bT6c gVgV7OGZbJPJBEz/X6Ed8hIV5+OSIDUyER8Vywo8hhKgA7P0zZKSL6UnHSanes6x zfJCQ43+g2GSKxxBWNo3qsMtbOpgNvqRbggnsOBnrCwiNVUbNGl7BqHDmH8+KzWB tXamWDZ7Q6g6/vpLeQQlR38LXEiC928dSUmeNhbllbEUskkmVQIyys5/uRlFkCcb 9XEHmv4/lSrC3iUe0av4jfo/YjpcaknvqytW+HBgjvb4X1QAERXO0c7qdd9vGU2R 28H8/ETVDvpdnohfEHA2w3gqrZS6Kw== =1c3l -----END PGP SIGNATURE----- From openssl at openssl.org Tue Nov 20 14:17:46 2018 From: openssl at openssl.org (OpenSSL) Date: Tue, 20 Nov 2018 14:17:46 +0000 Subject: [openssl-project] OpenSSL version 1.1.1a published Message-ID: <20181120141746.GA29779@openssl.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 OpenSSL version 1.1.1a released =============================== OpenSSL - The Open Source toolkit for SSL/TLS https://www.openssl.org/ The OpenSSL project team is pleased to announce the release of version 1.1.1a of our open source toolkit for SSL/TLS. For details of changes and known issues see the release notes at: https://www.openssl.org/news/openssl-1.1.1-notes.html OpenSSL 1.1.1a is available for download via HTTP and FTP from the following master locations (you can find the various FTP mirrors under https://www.openssl.org/source/mirror.html): * https://www.openssl.org/source/ * ftp://ftp.openssl.org/source/ The distribution file name is: o openssl-1.1.1a.tar.gz Size: 8350547 SHA1 checksum: 8fae27b4f34445a5500c9dc50ae66b4d6472ce29 SHA256 checksum: fc20130f8b7cbd2fb918b2f14e2f429e109c31ddd0fb38fc5d71d9ffed3f9f41 The checksums were calculated using the following commands: openssl sha1 openssl-1.1.1a.tar.gz openssl sha256 openssl-1.1.1a.tar.gz Yours, The OpenSSL Project Team. -----BEGIN PGP SIGNATURE----- iQEzBAEBCgAdFiEEhlersmDwVrHlGQg52cTSbQ5gRJEFAlv0DbQACgkQ2cTSbQ5g RJEs7Af+K00VWk3I/Eqo+HfIwVenGBE18xo26yCNjB7anxBi0ic4b/06ilME7lcT WANVlBcWg/ea7g8k8dEFNdnKlcdcQWRo51mfVelyC1L3OrVNfNzP1BrKTutaRq9S Hv8WvGGWaNlAdtLmy9rqmZVxuUMKYf0bC+9B8QqZ4hP1FjZry/wLSgU87+dqFY5Z dWBlctsvvc/7dl0ZrovtieEXCuH6+MK4i++jWjS6d5/ON1581wkmEzIkH5tRebQO jPaSj8rJB7H1bAZiZPd7c3Db5n4TG8NNoT+Kujk0LFTP+FjwEh6/WF8jybLDgGMg Y6mJnkcXimLoCLpuNZmBh1V4BAntTQ== =7K60 -----END PGP SIGNATURE----- From matt at openssl.org Tue Nov 20 14:26:38 2018 From: matt at openssl.org (Matt Caswell) Date: Tue, 20 Nov 2018 14:26:38 +0000 Subject: [openssl-project] Repo frozen In-Reply-To: <36e4a441-81e3-ac63-bdd8-82bbbbec073b@openssl.org> References: <36e4a441-81e3-ac63-bdd8-82bbbbec073b@openssl.org> Message-ID: <8cbec9da-3645-6a45-ae23-0625cd49c25b@openssl.org> The release is now complete and the repo is unfrozen. Thanks to Richard for all his help during the release. Matt On 19/11/2018 16:54, Matt Caswell wrote: > In preparation for the releases tomorrow the repo has now been frozen. I'll let > you know when its available again. > > > Matt > From levitte at openssl.org Sat Nov 24 22:44:31 2018 From: levitte at openssl.org (Richard Levitte) Date: Sat, 24 Nov 2018 23:44:31 +0100 (CET) Subject: [openssl-project] Mail stopped for a few hours, the disk was full Message-ID: <20181124.234431.2062371394217297822.levitte@openssl.org> I've cleaned away quite a bit, had a huge pile of "deleted" mails in my trash folder. *AHEM* Carry on, nothing more to see. Cheers, Richard -- Richard Levitte levitte at openssl.org OpenSSL Project http://www.openssl.org/~levitte/ From matt at openssl.org Wed Nov 28 17:02:40 2018 From: matt at openssl.org (Matt Caswell) Date: Wed, 28 Nov 2018 17:02:40 +0000 Subject: [openssl-project] OpenSSL Versioning and License Message-ID: <40643fa8-321f-a85d-3484-13bb1be8aa0e@openssl.org> Please see the following blog post about OpenSSL Versioning and License: https://www.openssl.org/blog/blog/2018/11/28/version/ Matt From mark at openssl.org Thu Nov 29 15:34:29 2018 From: mark at openssl.org (Mark J Cox) Date: Thu, 29 Nov 2018 15:34:29 +0000 Subject: [openssl-project] Vote to update the security policy Message-ID: Changes to policies require an OMC vote which I've called to approve an update to the security policy. This was as discussed at the face to face and the details and diff are at https://github.com/openssl/web/pull/96 ---------------- topic: Update security policy as per https://github.com/openssl/web/pull/96 comment: as discussed f2f Proposed by Mark Cox Public: yes opened: 2018-11-29 closed: yyyy-mm-dd ONE WEEK VOTE ---------------- -------------- next part -------------- An HTML attachment was scrubbed... URL: