[Bug 1797386] [NEW] SRU OpenSSL 1.1.1 to 18.04 LTS
Dimitri John Ledkov
launchpad at surgut.co.uk
Thu Oct 11 13:41:48 UTC 2018
Public bug reported:
[Impact]
* OpenSSL 1.1.1 is an LTS release upstream, which will continue to
receive security support for much longer than 1.1.0 series will.
* OpenSSL 1.1.1 comes with support for TLS v1.3 which is expected to be
rapidly adopted due to increased set of supported hashes & algoes, as
well as improved handshake [re-]negotiation.
* OpenSSL 1.1.1 comes with improved hw-acceleration capabilities.
* OpenSSL 1.1.1 is ABI/API compatible with 1.1.0, however some software
is sensitive to the negotiation handshake and may either need
patches/improvements or clamp-down to maximum v1.2.
[Test Case]
* Rebuild all reverse dependencies
* Execute autopkg tests for all of them
* Clamp down to TLS v1.2 software that does not support TLS v1.3 (e.g. mongodb)
* Backport TLS v1.3 support patches, where applicable
[Regression Potential]
* Connectivity interop is the biggest issues which will be unavoidable
with introducing TLS v1.3. However, tests on cosmic demonstrate that
curl/nginx/google-chrome/mozilla-firefox connect and negotiate TLS v1.3
without issues.
* Mitigation of discovered connectivity issues will be possible by
clamping down to TLS v1.2 in either server-side or client-side software
or by backporting relevant support fixes
[Other Info]
* Previous FFe for OpenSSL in 18.10 is at
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1793092
* TLS v1.3 support in NSS is expected to make it to 18.04 via security
updates
* TLS v1.3 support in GnuTLS is expected to be available in 19.04
** Affects: openssl (Ubuntu)
Importance: Undecided
Status: New
** Tags: bionic
** Tags added: bionic
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1797386
Title:
SRU OpenSSL 1.1.1 to 18.04 LTS
Status in openssl package in Ubuntu:
New
Bug description:
[Impact]
* OpenSSL 1.1.1 is an LTS release upstream, which will continue to
receive security support for much longer than 1.1.0 series will.
* OpenSSL 1.1.1 comes with support for TLS v1.3 which is expected to
be rapidly adopted due to increased set of supported hashes & algoes,
as well as improved handshake [re-]negotiation.
* OpenSSL 1.1.1 comes with improved hw-acceleration capabilities.
* OpenSSL 1.1.1 is ABI/API compatible with 1.1.0, however some
software is sensitive to the negotiation handshake and may either need
patches/improvements or clamp-down to maximum v1.2.
[Test Case]
* Rebuild all reverse dependencies
* Execute autopkg tests for all of them
* Clamp down to TLS v1.2 software that does not support TLS v1.3 (e.g. mongodb)
* Backport TLS v1.3 support patches, where applicable
[Regression Potential]
* Connectivity interop is the biggest issues which will be
unavoidable with introducing TLS v1.3. However, tests on cosmic
demonstrate that curl/nginx/google-chrome/mozilla-firefox connect and
negotiate TLS v1.3 without issues.
* Mitigation of discovered connectivity issues will be possible by
clamping down to TLS v1.2 in either server-side or client-side
software or by backporting relevant support fixes
[Other Info]
* Previous FFe for OpenSSL in 18.10 is at
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1793092
* TLS v1.3 support in NSS is expected to make it to 18.04 via
security updates
* TLS v1.3 support in GnuTLS is expected to be available in 19.04
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1797386/+subscriptions
More information about the foundations-bugs
mailing list