[Bug 1793092] Re: [FFe] openssl 1.1.1
Dimitri John Ledkov
launchpad at surgut.co.uk
Thu Sep 20 09:52:04 UTC 2018
** Description changed:
Merge openssl 1.1.1 from debian unstable.
OpenSSL 1.1.1 is now out, with TLS1.3 support, and is the new upstream
LTS release.
- Preserving existing delta:
- - Replace duplicate files in the doc directory with symlinks.
- - debian/libssl1.1.postinst:
- + Display a system restart required notification on libssl1.1
- upgrade on servers.
- + Use a different priority for libssl1.1/restart-services depending
- on whether a desktop, or server dist-upgrade is being performed.
+ Resulting in the following changes in Ubuntu:
- With further changes to diverge from Debian to:
- - Revert "Enable system default config to enforce TLS1.2 as a
- minimum" & "Increase default security level from 1 to 2".
- - Further decrease security level from 1 to 0, for compatibility with
- openssl 1.0.2.
+ - openssl moves from 1.1.0 series to 1.1.1 LTS series
- These mitigate most of the runtime incompatibilities, and ensure
- client<->server compatibility between 1.1.1, 1.1.0, and 1.0.2 series and
- thus one can continue to mix & match xenial/bionic/cosmic releases.
+ - TLS1.3 is enabled, and used by default, when possible. Major feature.
+
+ - All existing delta, and minimally accepted key sizes, and minimally
+ accepted protocol versions remain the same.
Proposed package is in
https://launchpad.net/~xnox/+archive/ubuntu/openssl with a rebuild of
all the reverse dependencies. It demonstrates that openssl compiled as
above is more compatible and has less issues than debian config. There
are a few FTBFS, which are also present in cosmic-release; there are
some test-suite expectations mismatch (connectivity succeeds with tls1.3
even though lower/different algos are expected); there are very little
connectivity tests thus connectivity interop are the biggest issues
which will be unavoidable with introducing 1.3.
+
+ ===
+
+ Ubuntu delta summary versus debian unstable in this merge:
+ - Replace duplicate files in the doc directory with symlinks.
+ - debian/libssl1.1.postinst:
+ + Display a system restart required notification on libssl1.1
+ upgrade on servers.
+ + Use a different priority for libssl1.1/restart-services depending
+ on whether a desktop, or server dist-upgrade is being performed.
+ - Revert "Enable system default config to enforce TLS1.2 as a
+ minimum" & "Increase default security level from 1 to 2".
+ - Further decrease security level from 1 to 0, for compatibility with
+ openssl 1.0.2.
+
+ These mitigate most of the runtime incompatibilities, and ensure
+ client<->server compatibility between 1.1.1, 1.1.0, and 1.0.2 series and
+ thus one can continue to mix & match xenial/bionic/cosmic releases.
** Changed in: openssl (Ubuntu)
Status: Incomplete => New
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1793092
Title:
[FFe] openssl 1.1.1
Status in openssl package in Ubuntu:
New
Bug description:
Merge openssl 1.1.1 from debian unstable.
OpenSSL 1.1.1 is now out, with TLS1.3 support, and is the new upstream
LTS release.
Resulting in the following changes in Ubuntu:
- openssl moves from 1.1.0 series to 1.1.1 LTS series
- TLS1.3 is enabled, and used by default, when possible. Major
feature.
- All existing delta, and minimally accepted key sizes, and minimally
accepted protocol versions remain the same.
Proposed package is in
https://launchpad.net/~xnox/+archive/ubuntu/openssl with a rebuild of
all the reverse dependencies. It demonstrates that openssl compiled as
above is more compatible and has less issues than debian config. There
are a few FTBFS, which are also present in cosmic-release; there are
some test-suite expectations mismatch (connectivity succeeds with
tls1.3 even though lower/different algos are expected); there are very
little connectivity tests thus connectivity interop are the biggest
issues which will be unavoidable with introducing 1.3.
===
Ubuntu delta summary versus debian unstable in this merge:
- Replace duplicate files in the doc directory with symlinks.
- debian/libssl1.1.postinst:
+ Display a system restart required notification on libssl1.1
upgrade on servers.
+ Use a different priority for libssl1.1/restart-services depending
on whether a desktop, or server dist-upgrade is being performed.
- Revert "Enable system default config to enforce TLS1.2 as a
minimum" & "Increase default security level from 1 to 2".
- Further decrease security level from 1 to 0, for compatibility with
openssl 1.0.2.
These mitigate most of the runtime incompatibilities, and ensure
client<->server compatibility between 1.1.1, 1.1.0, and 1.0.2 series
and thus one can continue to mix & match xenial/bionic/cosmic
releases.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1793092/+subscriptions
More information about the foundations-bugs
mailing list