[Bug 1793092] Re: [FFe] openssl 1.1.1

Dimitri John Ledkov launchpad at surgut.co.uk
Thu Oct 4 01:27:53 UTC 2018 

** Tags removed: block-proposed

** Changed in: openssl (Ubuntu)
       Status: Triaged => Fix Committed

** Changed in: python2.7 (Ubuntu)
       Status: Triaged => Fix Committed

** Changed in: python3.6 (Ubuntu)
       Status: Triaged => Fix Committed

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1793092

Title:
  [FFe] openssl 1.1.1

Status in openssl package in Ubuntu:
  Fix Committed
Status in python2.7 package in Ubuntu:
  Fix Committed
Status in python3.6 package in Ubuntu:
  Fix Committed

Bug description:
  Merge openssl 1.1.1 from debian unstable.

  OpenSSL 1.1.1 is now out, with TLS1.3 support, and is the new upstream
  LTS release.

  Resulting in the following changes in Ubuntu:

  - openssl moves from 1.1.0 series to 1.1.1 LTS series

  - TLS1.3 is enabled, and used by default, when possible. Major
  feature.

  - All existing delta, and minimally accepted key sizes, and minimally
  accepted protocol versions remain the same.

  Proposed package is in
  https://launchpad.net/~xnox/+archive/ubuntu/openssl with a rebuild of
  all the reverse dependencies. It demonstrates that openssl compiled as
  above is more compatible and has less issues than debian config. There
  are a few FTBFS, which are also present in cosmic-release; there are
  some test-suite expectations mismatch (connectivity succeeds with
  tls1.3 even though lower/different algos are expected); there are very
  little connectivity tests thus connectivity interop are the biggest
  issues which will be unavoidable with introducing 1.3.

  ===

  Ubuntu delta summary versus debian unstable in this merge:
  - Replace duplicate files in the doc directory with symlinks.
  - debian/libssl1.1.postinst:
    + Display a system restart required notification on libssl1.1
      upgrade on servers.
    + Use a different priority for libssl1.1/restart-services depending
      on whether a desktop, or server dist-upgrade is being performed.
  - Revert "Enable system default config to enforce TLS1.2 as a
    minimum" & "Increase default security level from 1 to 2".
  - Further decrease security level from 1 to 0, for compatibility with
    openssl 1.0.2.

  These mitigate most of the runtime incompatibilities, and ensure
  client<->server compatibility between 1.1.1, 1.1.0, and 1.0.2 series
  and thus one can continue to mix & match xenial/bionic/cosmic
  releases.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1793092/+subscriptions

More information about the foundations-bugs mailing list