[Bug 1759059] Re: [FFe] OpenSSL 1.1.1 series with TLS 1.3 support and longer upstream support

Dimitri John Ledkov launchpad at surgut.co.uk
Mon Mar 26 23:17:27 UTC 2018 

It entered beta, and based on stable branch now, meaning bugfixes only.

"...but may include a non-final implementation of the TLSv1.3
specification" - e.g. they can still fix up tls1.3 stuff.

No symbols have been removed, the abi is still declared as the same both
upstream and in debian. There are 365 new symbols, tagged as
OPENSSL_1_1_1 with minimum version set to the current package version.

If 1.1.1 breaks binary compatibility:
- if it is within the 1.1.1 symbols, we rebuild those packages again
- if it is within 1.1.0 symbols, we bump the symbol to 1.1.1 abi and rebuild those packages
- if we revert to 1.1.0 series, rebuild everything that gained dep on 1.1.1

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1759059

Title:
  [FFe] OpenSSL 1.1.1 series with TLS 1.3 support and longer upstream
  support

Status in openssl package in Ubuntu:
  Incomplete

Bug description:
  * TLS 1.3 is now a proposed standard

  https://www.ietf.org/mail-archive/web/ietf-
  announce/current/msg17592.html

  * OpenSSL upstream is planning OpenSSL 1.1.1 release with the
  following tentative timeline:

  - 20th March 2018, beta release 1 (pre3) (released)
    + OpenSSL_1_1_1-stable created (feature freeze)
    + master becomes basis for 1.1.2 or 1.2.0 (TBD)
  - 3rd April 2018, beta release 2 (pre4)
  - 17th April 2018, beta release 3 (pre5)
  - 1st May 2018, beta release 4 (pre6)
  - 8th May 2018, release readiness check
    (new release cycles added if required,
     first possible final release date: 15th May 2018)

  * OpenSSL 1.1.0 will then go end of life - 
    "Version 1.1.0 will be supported until one year after the release of 1.1.1"

  * Proposal to ship OpenSSL 1.1.1 in Bionic by

  - landing 1.1.1 pre3 asap
  - follow up landing pre-releases as they become available
  - continue to land pre-releases as SRUs as they become available
  - until 1.1.1 final is shipped in bionic-updates & bionic-security

  * Contingency plan:

  - If packages FTBFS, attempt to fix them before 18.04.0
  - If packages fail autopkgtests, attempt to fix them before 18.04.0
  - If TLS1.3 causes connectivity issues, consider shipping with TLS1.3 not enabled by default
  - If all of above fails, consider reverting to 1.1.0

  * Testing silo to be provided shortly

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1759059/+subscriptions

More information about the foundations-bugs mailing list