[OE-core] openssl: OpenSSL 1.1.x update

Tan, Raymond raymond.tan at intel.com
Thu Oct 13 10:35:57 UTC 2016 

Warm Regards, 

 Raymond Tan

> -----Original Message-----
> From: Mark Hatle [mailto:mark.hatle at windriver.com]
> Sent: Thursday, October 06, 2016 11:40 PM
> To: Khem Raj <raj.khem at gmail.com>
> Cc: Tan, Raymond <raymond.tan at intel.com>; openembedded-
> core at lists.openembedded.org; Gupta, Rahul KumarXX
> <rahul.kumarxx.gupta at intel.com>
> Subject: Re: [OE-core] openssl: OpenSSL 1.1.x update
> 
> On 10/6/16 10:22 AM, Khem Raj wrote:
> >
> >> On Oct 6, 2016, at 7:21 AM, Mark Hatle <mark.hatle at windriver.com>
> wrote:
> >>
> >> On 10/5/16 9:59 PM, Khem Raj wrote:
> >>> On Wed, Oct 5, 2016 at 7:33 PM, Mark Hatle <mark.hatle at windriver.com>
> wrote:
> >>>> On 10/5/16 9:11 PM, Tan, Raymond wrote:
> >>>>> Greetings, I would like to know if there is any plan / schedule to upgrade
> to openssl 1.1.0 into OE-core?
> >>>>
> >>>> Currently 1.0.2 is the LTS version of OpenSSL.  1.1.0 is not scheduled to be
> LTS.
> >>>>
> >>>> For the upcoming release (soon), I would NOT expect 1.1.0 to be in
> >>>> it.  There are still too many incompatibilities with other components.
> >>>>
> >>>> For the next version of OE, I think it is appropriate to include
> >>>> 1.1.0, but I would also like to maintain 1.0.2 for the time being.
> >>>> (Beside LTS, it also is still the only way to have FIPS-140-2
> >>>> module, as there is currently no module in the 1.1.0 -- and there
> >>>> may not be for a while.)
> >>>

This means earliest possible would be post morty? And 1.0.2 would still be maintained in there due to the LTS status?

The reason I'm checking is we are trying to integrate a new QAT openssl engine, which is developed for openssl 1.1.0. 

> >>> What do we get with 1.1.0 ?
> >>
> >> Latest and greatest code of course.. :)
> >>
> >> Reality, not a lot more over 1.0.2... there are some significant
> >> redesigns that should help improve overall security of the OpenSSL
> >> library and items using the library.  But various things will have to be
> updated to make use of this.
> >>
> >> The OpenSSL community itself is looking at 1.1.0 as a transition to
> >> newer and better design/api/etc... which is why it is not marked as a LTS
> release.
> >
> > api changes can be a bothersome point from integration POV, do we know
> > if there are some forwarded porting incompatibilities in APIs already?
> 
> I have not investigated it, as my focus has been on the LTS version at this point.
> 
> --Mark
> 
> >>
> >> Beside my basic understanding (above) there should be information as
> >> part of the
> >> 1.1.0 release notes.
> >>
> >> --Mark
> >>
> >>>>
> >>>> --Mark
> >>>>
> >>>>> Thanks!
> >>>>>
> >>>>> Raymond Tan
> >>>>>
> >>>>
> >>>> --
> >>>> _______________________________________________
> >>>> Openembedded-core mailing list
> >>>> Openembedded-core at lists.openembedded.org
> >>>> http://lists.openembedded.org/mailman/listinfo/openembedded-core
> >>
> >

More information about the Openembedded-core mailing list