On Mon, Dec 19, 2016 at 06:13:46AM -0800, jpbion@xxxxxxxxxx wrote: > I know it has been stated that OpenSSL 1.1.0 is a non-starter for > OpenSSH until a better compatibility system is provided by OpenSSL, > allowing a single code-base to support interacting with both OpenSSL > 1.0.x and 1.1.x. > > I also know various people have provided patches to OpenSSH offering > such support, but it also seems as if OpenSSH is waiting for something > official. These patches offered to OpenSSH may have forced users of > OpenSSH to move to OpenSSL 1.1.x - I haven't checked that out, and I > know that would be a non-starter. But perhaps they did offer a > compatibility layer. > > Finally, I also realize OpenSSH has to work with multiple different SSL > providers, not just OpenSSL, and that OpenSSL has forced a whole slew of > changes on its 'customers'. > > I worry about a deadlock, though. Does the OpenSSL team even know that > the OpenSSH project will not move toward 1.1.0 support until it provides > a simpler and official multi-version compatibility system? If there is > no communication with them, it is unlikely they'll think of working on > the compatibility system themselves (else it would have already been > provided, because it's a rather obvious and important need.) Or is the > OpenSSH team simply saying "until there is one, we won't support OpenSSL > 1.1.0" - hoping it just happens - but not making effort to see that it > does? > > OpenSSH is one of the more important SSL 'customers' The view of "nope; > I won't code a custom compatibility system" may absolutely be the right > thing to say and do. But do we even have OpenSSL's ear, to make sure > what was said here was heard? > Openssl 1.1 backwards compatability to Openssl 1.0 will not ever happen. The best programmers can do is to program around openssl 1.1 + Openssl less than 1.0 and libressl. > Thanks! > Joel > _______________________________________________ > openssh-unix-dev mailing list > openssh-unix-dev@xxxxxxxxxxx > https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev -- Member - Liberal International This is doctor@@nl2k.ab.ca Ici doctor@@nl2k.ab.ca God,Queen and country!Never Satan President Republic!Beware AntiChrist rising! http://www.fullyfollow.me/rootnl2k Look at Psalms 14 and 53 on Atheism Merry Christmas 2016 and Happy New Year 2017 _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
