[openssl-users] TLS 1.3 and the release
mcr at sandelman.ca
Mon Aug 13 02:11:00 UTC 2018
PGNet Dev <pgnet.dev at gmail.com> wrote:
>> I'm just dealing with trying to get openssl 1.1.0 to get installed on Ubuntu
>> bionic. Yes, there is a package, but all the other packages depend upon
>> 1.0.x.... and many things are linking against 1.0.x rather than 1.1, when
>> both are installed... I don't know why they build stuff against 1.0.x
>> rather than 1.1.0: I think it's a packaging oops.
> In the "I'm guessing this is NOT news to anyone HERE" category ....
If we want to push making TLS available 1.3, then we need to do some remedial
> Even the packages that DO 'build against' 1.1.0 frequently do so by banking
> on deprecated symbols made possible by lazy (imo) api-compat usage.
I found that libssl-dev was not upgraded from 1.0.0 version to 1.1.0 version
when I did the dist-upgrade. Once I flushed that, I could then rebuild
things like ruby (and it's openssl module) against 1.1.0 correctly, and
*THEN* re-install libssl1.0 to make openssh happy.
> Packagers are frequently NOT cleaning up their openssl version-check logic,
> and cleaning out old-/deprecated- symbols. In my experience, most seem not
> to be interested, either; instead, the response mantra to entreaties about
> clean/modern "--api=1.1.0" compatibility is "that's not what the distros
> provide; just use that".
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 487 bytes
Desc: not available
More information about the openssl-users