Progress resolving OpenSSL 1.1.0 issues

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



I know it has been stated that OpenSSL 1.1.0 is a non-starter for OpenSSH until a better compatibility system is provided by OpenSSL, allowing a single code-base to support interacting with both OpenSSL 1.0.x and 1.1.x.

I also know various people have provided patches to OpenSSH offering such support, but it also seems as if OpenSSH is waiting for something official. These patches offered to OpenSSH may have forced users of OpenSSH to move to OpenSSL 1.1.x - I haven't checked that out, and I know that would be a non-starter. But perhaps they did offer a compatibility layer.

Finally, I also realize OpenSSH has to work with multiple different SSL providers, not just OpenSSL, and that OpenSSL has forced a whole slew of changes on its 'customers'.

I worry about a deadlock, though. Does the OpenSSL team even know that the OpenSSH project will not move toward 1.1.0 support until it provides a simpler and official multi-version compatibility system? If there is no communication with them, it is unlikely they'll think of working on the compatibility system themselves (else it would have already been provided, because it's a rather obvious and important need.) Or is the OpenSSH team simply saying "until there is one, we won't support OpenSSL 1.1.0" - hoping it just happens - but not making effort to see that it does?

OpenSSH is one of the more important SSL 'customers' The view of "nope; I won't code a custom compatibility system" may absolutely be the right thing to say and do. But do we even have OpenSSL's ear, to make sure what was said here was heard?

Thanks!
Joel
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev



[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux