[OE-core] openssl: OpenSSL 1.1.x update
Mark Hatle
mark.hatle at windriver.com
Thu Oct 6 14:21:26 UTC 2016
On 10/5/16 9:59 PM, Khem Raj wrote:
> On Wed, Oct 5, 2016 at 7:33 PM, Mark Hatle <mark.hatle at windriver.com> wrote:
>> On 10/5/16 9:11 PM, Tan, Raymond wrote:
>>> Greetings, I would like to know if there is any plan / schedule to upgrade to openssl 1.1.0 into OE-core?
>>
>> Currently 1.0.2 is the LTS version of OpenSSL. 1.1.0 is not scheduled to be LTS.
>>
>> For the upcoming release (soon), I would NOT expect 1.1.0 to be in it. There
>> are still too many incompatibilities with other components.
>>
>> For the next version of OE, I think it is appropriate to include 1.1.0, but I
>> would also like to maintain 1.0.2 for the time being. (Beside LTS, it also is
>> still the only way to have FIPS-140-2 module, as there is currently no module in
>> the 1.1.0 -- and there may not be for a while.)
>
> What do we get with 1.1.0 ?
Latest and greatest code of course.. :)
Reality, not a lot more over 1.0.2... there are some significant redesigns that
should help improve overall security of the OpenSSL library and items using the
library. But various things will have to be updated to make use of this.
The OpenSSL community itself is looking at 1.1.0 as a transition to newer and
better design/api/etc... which is why it is not marked as a LTS release.
Beside my basic understanding (above) there should be information as part of the
1.1.0 release notes.
--Mark
>>
>> --Mark
>>
>>> Thanks!
>>>
>>> Raymond Tan
>>>
>>
>> --
>> _______________________________________________
>> Openembedded-core mailing list
>> Openembedded-core at lists.openembedded.org
>> http://lists.openembedded.org/mailman/listinfo/openembedded-core
More information about the Openembedded-core
mailing list