Gentoo Archives: gentoo-dev

From: Pacho Ramos <pacho@g.o>
To: gentoo-dev@l.g.o, base-system@g.o
Cc: crypto@g.o
Subject: Re: [gentoo-dev] Current status with openssl-1.1
Date: Sat, 09 Jun 2018 09:16:52
Message-Id: 1528535762.7621.1.camel@gentoo.org
In Reply to: [gentoo-dev] Current status with openssl-1.1 by Lars Wendler
On Sat, 09-06-2018 at 10:22 +0200, Lars Wendler wrote:
>
> [...]

> some point.
>
> So, basically openssl is the last big showstopper for openssl-1.1 to
> get out of p.mask. There are some unofficial patches floating around in
> the WWW but each one of them has some issues and they all are not
> really small in size.
> Last time I checked, the most complete (but still to some degree
> broken) patch had 2800+ LOC and was 80K in size. This is definitely
> nothing I want to maintain as downstream, left aside the fact that
> openssh should not be messed with lightly regarding security
> implications.

Why not try to use the RedHat/Fedora patch for openssl-1.1 compat? It seems they
are taking care of maintaining that patch on their side.

>
> My biggest concern right now is that openssh might still block
> openssl-1.1.1 once that got released. openssl-1.1.1 provides TLSv1.3
> which is something we should provide to our users as soon as possible
> and is also targeted as next LTS release.
>
>
>
> [1] https://bugs.gentoo.org/592438
> [2] https://bugs.gentoo.org/592578
>