[openssl-users] TLS 1.3 and the release

Michael Richardson mcr at sandelman.ca
Mon Aug 13 02:11:00 UTC 2018

PGNet Dev <pgnet.dev at gmail.com> wrote:
    >> I'm just dealing with trying to get openssl 1.1.0 to get installed on Ubuntu
    >> bionic.  Yes, there is a package, but all the other packages depend upon
    >> 1.0.x.... and many things are linking against 1.0.x rather than 1.1, when
    >> both are installed...  I don't know why they build stuff against 1.0.x
    >> rather than 1.1.0: I think it's a packaging oops.

    > In the "I'm guessing this is NOT news to anyone HERE" category ....

No kidding.
If we want to push making TLS available 1.3, then we need to do some remedial
work where.

    > Even the packages that DO 'build against' 1.1.0 frequently do so by banking
    > on deprecated symbols made possible by lazy (imo) api-compat usage.

I found that libssl-dev was not upgraded from 1.0.0 version to 1.1.0 version
when I did the dist-upgrade.  Once I flushed that, I could then rebuild
things like ruby (and it's openssl module) against 1.1.0 correctly, and
*THEN* re-install libssl1.0 to make openssh happy.

    > Packagers are frequently NOT cleaning up their openssl version-check logic,
    > and cleaning out old-/deprecated- symbols.  In my experience, most seem not
    > to be interested, either; instead, the response mantra to entreaties about
    > clean/modern "--api=1.1.0" compatibility is "that's not what the distros
    > provide; just use that".


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 487 bytes
Desc: not available
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20180812/45c3b840/attachment.sig>

More information about the openssl-users mailing list