[openssl-users] openssl 1.0.2 and TLS 1.3

Viktor Dukhovni openssl-users at dukhovni.org
Tue Sep 11 15:15:23 UTC 2018

> On Sep 11, 2018, at 9:58 AM, The Doctor <doctor at doctor.nl2k.ab.ca> wrote:
> So Openssh, NTPd, MOd_pagespeed have to adopt OPEnssl 1.1X API
> in order to use TLS 1.3 .

OpenSSH does not use TLS or libssl, so does not need that OpenSSL
1.1.x feature.  It could still benefit from libcrypto algorithm
improvements that result in more constant behaviour and/or other
improvements.  While OpenBSD may be slow to port to OpenSSL 1.1.x,
porting OpenSSH to 1.1.x is not difficult.  Christos Zoulas has
done that for NetBSD, the latest HPN patches port OpenSSH to
OpenSSL 1.1.0 [ I used the HPN patches for OpenSSH 7.7p1 as a
starting point, and have a clean build of OpenSSH 7.8p1 with
OpenSSL 1.1.x after some minor improvements. ]


More information about the openssl-users mailing list