[OE-core] openssl: OpenSSL 1.1.x update

Mark Hatle mark.hatle at windriver.com
Thu Oct 6 15:39:53 UTC 2016 

On 10/6/16 10:22 AM, Khem Raj wrote:
> 
>> On Oct 6, 2016, at 7:21 AM, Mark Hatle <mark.hatle at windriver.com> wrote:
>>
>> On 10/5/16 9:59 PM, Khem Raj wrote:
>>> On Wed, Oct 5, 2016 at 7:33 PM, Mark Hatle <mark.hatle at windriver.com> wrote:
>>>> On 10/5/16 9:11 PM, Tan, Raymond wrote:
>>>>> Greetings, I would like to know if there is any plan / schedule to upgrade to openssl 1.1.0 into OE-core?
>>>>
>>>> Currently 1.0.2 is the LTS version of OpenSSL.  1.1.0 is not scheduled to be LTS.
>>>>
>>>> For the upcoming release (soon), I would NOT expect 1.1.0 to be in it.  There
>>>> are still too many incompatibilities with other components.
>>>>
>>>> For the next version of OE, I think it is appropriate to include 1.1.0, but I
>>>> would also like to maintain 1.0.2 for the time being.  (Beside LTS, it also is
>>>> still the only way to have FIPS-140-2 module, as there is currently no module in
>>>> the 1.1.0 -- and there may not be for a while.)
>>>
>>> What do we get with 1.1.0 ?
>>
>> Latest and greatest code of course.. :)
>>
>> Reality, not a lot more over 1.0.2... there are some significant redesigns that
>> should help improve overall security of the OpenSSL library and items using the
>> library.  But various things will have to be updated to make use of this.
>>
>> The OpenSSL community itself is looking at 1.1.0 as a transition to newer and
>> better design/api/etc... which is why it is not marked as a LTS release.
> 
> api changes can be a bothersome point from integration POV, do we know if there
> are some forwarded porting incompatibilities in APIs already?

I have not investigated it, as my focus has been on the LTS version at this point.

--Mark

>>
>> Beside my basic understanding (above) there should be information as part of the
>> 1.1.0 release notes.
>>
>> --Mark
>>
>>>>
>>>> --Mark
>>>>
>>>>> Thanks!
>>>>>
>>>>> Raymond Tan
>>>>>
>>>>
>>>> --
>>>> _______________________________________________
>>>> Openembedded-core mailing list
>>>> Openembedded-core at lists.openembedded.org
>>>> http://lists.openembedded.org/mailman/listinfo/openembedded-core
>>
>

More information about the Openembedded-core mailing list