[OE-core] openssl: OpenSSL 1.1.x update

Hatle, Mark mark.hatle at windriver.com
Thu Oct 13 10:49:23 UTC 2016 

While this is not a fully authoritative answer, 
I believe what your wrote will be correct.  Latest 1.0.2 in 2.2.  Master (in future) will have both 1.0.2 and 1.1.0.


> On Oct 13, 2016, at 12:36, Tan, Raymond <raymond.tan at intel.com> wrote:
> 
> Warm Regards, 
> 
>  Raymond Tan
> 
>> -----Original Message-----
>> From: Mark Hatle [mailto:mark.hatle at windriver.com]
>> Sent: Thursday, October 06, 2016 11:40 PM
>> To: Khem Raj <raj.khem at gmail.com>
>> Cc: Tan, Raymond <raymond.tan at intel.com>; openembedded-
>> core at lists.openembedded.org; Gupta, Rahul KumarXX
>> <rahul.kumarxx.gupta at intel.com>
>> Subject: Re: [OE-core] openssl: OpenSSL 1.1.x update
>> 
>>> On 10/6/16 10:22 AM, Khem Raj wrote:
>>> 
>>>> On Oct 6, 2016, at 7:21 AM, Mark Hatle <mark.hatle at windriver.com>
>> wrote:
>>>> 
>>>>> On 10/5/16 9:59 PM, Khem Raj wrote:
>>>>> On Wed, Oct 5, 2016 at 7:33 PM, Mark Hatle <mark.hatle at windriver.com>
>> wrote:
>>>>>> On 10/5/16 9:11 PM, Tan, Raymond wrote:
>>>>>>> Greetings, I would like to know if there is any plan / schedule to upgrade
>> to openssl 1.1.0 into OE-core?
>>>>>> 
>>>>>> Currently 1.0.2 is the LTS version of OpenSSL.  1.1.0 is not scheduled to be
>> LTS.
>>>>>> 
>>>>>> For the upcoming release (soon), I would NOT expect 1.1.0 to be in
>>>>>> it.  There are still too many incompatibilities with other components.
>>>>>> 
>>>>>> For the next version of OE, I think it is appropriate to include
>>>>>> 1.1.0, but I would also like to maintain 1.0.2 for the time being.
>>>>>> (Beside LTS, it also is still the only way to have FIPS-140-2
>>>>>> module, as there is currently no module in the 1.1.0 -- and there
>>>>>> may not be for a while.)
>>>>> 
> 
> This means earliest possible would be post morty? And 1.0.2 would still be maintained in there due to the LTS status?
> 
> The reason I'm checking is we are trying to integrate a new QAT openssl engine, which is developed for openssl 1.1.0. 
> 
>>>>> What do we get with 1.1.0 ?
>>>> 
>>>> Latest and greatest code of course.. :)
>>>> 
>>>> Reality, not a lot more over 1.0.2... there are some significant
>>>> redesigns that should help improve overall security of the OpenSSL
>>>> library and items using the library.  But various things will have to be
>> updated to make use of this.
>>>> 
>>>> The OpenSSL community itself is looking at 1.1.0 as a transition to
>>>> newer and better design/api/etc... which is why it is not marked as a LTS
>> release.
>>> 
>>> api changes can be a bothersome point from integration POV, do we know
>>> if there are some forwarded porting incompatibilities in APIs already?
>> 
>> I have not investigated it, as my focus has been on the LTS version at this point.
>> 
>> --Mark
>> 
>>>> 
>>>> Beside my basic understanding (above) there should be information as
>>>> part of the
>>>> 1.1.0 release notes.
>>>> 
>>>> --Mark
>>>> 
>>>>>> 
>>>>>> --Mark
>>>>>> 
>>>>>>> Thanks!
>>>>>>> 
>>>>>>> Raymond Tan
>>>>>>> 
>>>>>> 
>>>>>> --
>>>>>> _______________________________________________
>>>>>> Openembedded-core mailing list
>>>>>> Openembedded-core at lists.openembedded.org
>>>>>> http://lists.openembedded.org/mailman/listinfo/openembedded-core
>>>> 
>>> 
>

More information about the Openembedded-core mailing list