Hi Rob,

Rob Marshall wrote on Tue, Apr 17, 2018 at 10:53:12AM -0400:

> I tried to build and install OpenSSL 1.1.0 on my system but the build
> fails due to some assembler instruction. The first OpenSSL 1.1.0
> version that seems to build OK is 1.1.0d but the "make test" fails. So
> I tried 1.1.0h which builds and the "make test" passes. However when I
> try to build OpenSSH 7.7.p1 I get:
>
> checking OpenSSL library version... configure: error: OpenSSL >= 1.1.0
> is not yet supported (have "1010008f (OpenSSL 1.1.0h 27 Mar 2018)")

This has been discussed over and over again.
Please read the list archives.

In a nutshell, the problem is that between 1.0 and 1.1, the OpenSSL
development team very badly broke huge parts of their API in a way
that is completely incompatible both ways and that requires huge
changes to all application programs, but they consistently refuse
to provide any help with the migration, so OpenSSH still cannot
support the new OpenSSL-1.1 API.

I recently (less than a month ago) sent a bugfix patch to one of
the chief OpenSSL developers. The patch was gladly accepted and
we discussed licensing at length (i ended up releasing the patch
into the public domain because they considered the ISC license
not free enough for them), and i also asked again about 1.0 to 1.1
migration support in that context. That question was totally
ignored, so still no help is coming from OpenSSL.

Help may be coming from LibreSSL in the future because LibreSSL
has started integrating 1.1 APIs in a backward compatible way,
avoiding the egregious API break mistakes made by OpenSSL. But
that work is still far from finished, and i'm not aware that the
(substantial) work required for using the fruits in OpenSSH has
even been started yet.

> If I modify configure to allow for 1.1.0h will that be a problem?

That will be a problem indeed. It simply won't compile at all.
Trying to compile OpenSSH against GNUTLS instead of OpenSSL by
changing nothing but ./configure has about the same chances of
success. OpenSSL-1.0 and OpenSSL-1.1 are two very different APIs.

LibreSSL is compatible with OpenSSL-1.0.
LibreSSL is now compatible with quite some parts of OpenSSL-1.1.
But OpenSSL-1.0 and OpenSSL-1.1 are totally incompatible with
each other.

This is purely an OpenSSL problem, nothing is wrong with OpenSSH.

Yours,
  Ingo