Dropping support for OpenSSL <1.1.1, LibreSSL <3.1.0

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]



We carry some compat code for old OpenSSL <1.1.1 and LibreSSL <3.1.0.
OpenSSL 1.0.x is no longer supported upstream and AFAIK LibreSSL do
not support old versions at all.

I'd like to retire this config code, which would mean that users on
platforms that include the versions of libcrypto would have to either
bring their own libcrypto or compile OpenSSH --without-openssl (and
accept the very limited crypto algorithm selection in the resulting

AFAIK most supported mainstream OSs have long since moved on from
these versions. The only OSs that seem to use OpenSSL 1.0.x are RHEL7
(in some commercial limited extended support mode) and Ubuntu 14.04
(supported until 2024/04).

IMO almost nobody will be upgrading OpenSSH on these systems, and
(also IMO) they aren't worth the cost of maintaining the
compatibility code.

Before I go ahead and delete it, does anyone have opinions to the

openssh-unix-dev mailing list

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux