[OE-core] openssl: OpenSSL 1.1.x update
Hatle, Mark
mark.hatle at windriver.com
Thu Oct 13 10:49:23 UTC 2016
While this is not a fully authoritative answer,
I believe what your wrote will be correct. Latest 1.0.2 in 2.2. Master (in future) will have both 1.0.2 and 1.1.0.
> On Oct 13, 2016, at 12:36, Tan, Raymond <raymond.tan at intel.com> wrote:
>
> Warm Regards,
>
> Raymond Tan
>
>> -----Original Message-----
>> From: Mark Hatle [mailto:mark.hatle at windriver.com]
>> Sent: Thursday, October 06, 2016 11:40 PM
>> To: Khem Raj <raj.khem at gmail.com>
>> Cc: Tan, Raymond <raymond.tan at intel.com>; openembedded-
>> core at lists.openembedded.org; Gupta, Rahul KumarXX
>> <rahul.kumarxx.gupta at intel.com>
>> Subject: Re: [OE-core] openssl: OpenSSL 1.1.x update
>>
>>> On 10/6/16 10:22 AM, Khem Raj wrote:
>>>
>>>> On Oct 6, 2016, at 7:21 AM, Mark Hatle <mark.hatle at windriver.com>
>> wrote:
>>>>
>>>>> On 10/5/16 9:59 PM, Khem Raj wrote:
>>>>> On Wed, Oct 5, 2016 at 7:33 PM, Mark Hatle <mark.hatle at windriver.com>
>> wrote:
>>>>>> On 10/5/16 9:11 PM, Tan, Raymond wrote:
>>>>>>> Greetings, I would like to know if there is any plan / schedule to upgrade
>> to openssl 1.1.0 into OE-core?
>>>>>>
>>>>>> Currently 1.0.2 is the LTS version of OpenSSL. 1.1.0 is not scheduled to be
>> LTS.
>>>>>>
>>>>>> For the upcoming release (soon), I would NOT expect 1.1.0 to be in
>>>>>> it. There are still too many incompatibilities with other components.
>>>>>>
>>>>>> For the next version of OE, I think it is appropriate to include
>>>>>> 1.1.0, but I would also like to maintain 1.0.2 for the time being.
>>>>>> (Beside LTS, it also is still the only way to have FIPS-140-2
>>>>>> module, as there is currently no module in the 1.1.0 -- and there
>>>>>> may not be for a while.)
>>>>>
>
> This means earliest possible would be post morty? And 1.0.2 would still be maintained in there due to the LTS status?
>
> The reason I'm checking is we are trying to integrate a new QAT openssl engine, which is developed for openssl 1.1.0.
>
>>>>> What do we get with 1.1.0 ?
>>>>
>>>> Latest and greatest code of course.. :)
>>>>
>>>> Reality, not a lot more over 1.0.2... there are some significant
>>>> redesigns that should help improve overall security of the OpenSSL
>>>> library and items using the library. But various things will have to be
>> updated to make use of this.
>>>>
>>>> The OpenSSL community itself is looking at 1.1.0 as a transition to
>>>> newer and better design/api/etc... which is why it is not marked as a LTS
>> release.
>>>
>>> api changes can be a bothersome point from integration POV, do we know
>>> if there are some forwarded porting incompatibilities in APIs already?
>>
>> I have not investigated it, as my focus has been on the LTS version at this point.
>>
>> --Mark
>>
>>>>
>>>> Beside my basic understanding (above) there should be information as
>>>> part of the
>>>> 1.1.0 release notes.
>>>>
>>>> --Mark
>>>>
>>>>>>
>>>>>> --Mark
>>>>>>
>>>>>>> Thanks!
>>>>>>>
>>>>>>> Raymond Tan
>>>>>>>
>>>>>>
>>>>>> --
>>>>>> _______________________________________________
>>>>>> Openembedded-core mailing list
>>>>>> Openembedded-core at lists.openembedded.org
>>>>>> http://lists.openembedded.org/mailman/listinfo/openembedded-core
>>>>
>>>
>
More information about the Openembedded-core
mailing list