The Doctor
2018-Sep-11 14:17 UTC
[matt@openssl.org: Re: [openssl-users] openssl 1.0.2 and TLS 1.3]
----- Forwarded message from Matt Caswell <matt at openssl.org> ----- Date: Tue, 11 Sep 2018 15:01:38 +0100 From: Matt Caswell <matt at openssl.org> To: openssl-users at openssl.org Subject: Re: [openssl-users] openssl 1.0.2 and TLS 1.3 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.9.1 On 11/09/18 14:58, The Doctor wrote:> On Tue, Sep 11, 2018 at 09:31:23AM +0100, Matt Caswell wrote: >> >> >> On 11/09/18 09:05, Dr. Matthias St. Pierre wrote: >>>> Von: openssl-users <openssl-users-bounces at openssl.org> Im Auftrag von The Doctor >>>> Gesendet: Dienstag, 11. September 2018 08:49 >>>> An: openssl-users at openssl.org; openssl-dev at openssl.org >>>> Betreff: [openssl-users] openssl 1.0.2 and TLS 1.3 >>>> >>>> Will that combination occur? >>> >>> Support for TLS 1.3 is a new feature in OpenSSL 1.1.1 which will be released today. >>> OpenSSL 1.0.2 is an LTS release which will only receive security updates and no new >>> features. >> >> Strictly speaking 1.0.2 will receive bug fixes and security fixes until >> the end of this year. From the end of this year until the end of 2019 it >> will receive security fixes only. In any case it will receive no new >> features (including TLSv1.3). >> >> >From the release of 1.1.1 (today), 1.1.0 will receive security fixes >> only for one year. >> >> Matt >> >> > > Got you. > > So Openssh, NTPd, MOd_pagespeed have to adopt OPEnssl 1.1X API > in order to use TLS 1.3 .Yes. I would encourage *all* applications still on the 1.0.x API to move to 1.1.1 asap. By the end of next year there will be no supported OpenSSL version that has the old API. Matt> >> >>> >>> HTH, >>> Matthias >>> >>> See also >>> https://wiki.openssl.org/index.php/TLS1.3 >>> https://www.openssl.org/policies/releasestrat.html >>> >>> >>> >> -- >> openssl-users mailing list >> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users >-- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users ----- End forwarded message ----- Just getting word from openssl on TLS 1.3 -- Member - Liberal International This is doctor@@nl2k.ab.ca Ici doctor@@nl2k.ab.ca Yahweh, Queen & country!Never Satan President Republic!Beware AntiChrist rising! https://www.empire.kred/ROOTNK?t=94a1f39b Look at Psalms 14 and 53 on Atheism NB 24 Sept vote Liberal! Quebec votez contre le PQ et le QS des 1 October 2018!
Damien Miller
2018-Sep-13 05:16 UTC
[matt@openssl.org: Re: [openssl-users] openssl 1.0.2 and TLS 1.3]
On Tue, 11 Sep 2018, The Doctor wrote:> Yes. I would encourage *all* applications still on the 1.0.x API to move > to 1.1.1 asap. By the end of next year there will be no supported > OpenSSL version that has the old API.done; just finishing up the unit tests> commit 48f54b9d12c1c79fba333bc86d455d8f4cda8cfc > Author: Damien Miller <djm at mindrot.org> > Date: Thu Sep 13 12:13:50 2018 +1000 > > adapt -portable to OpenSSL 1.1x API > > Polyfill missing API with replacement functions extracted from LibreSSL > > commit 482d23bcacdd3664f21cc82a5135f66fc598275f > Author: djm at openbsd.org <djm at openbsd.org> > Date: Thu Sep 13 02:08:33 2018 +0000 > > upstream: hold our collective noses and use the openssl-1.1.x API in > > OpenSSH; feedback and ok tb@ jsing@ markus@ > > OpenBSD-Commit-ID: cacbcac87ce5da0d3ca7ef1b38a6f7fb349e4417