[OE-core] openssl10 unusable for many components
Alexander Kanavin
alexander.kanavin at linux.intel.com
Fri Aug 18 18:41:44 UTC 2017
On 08/18/2017 08:56 PM, Mark Hatle wrote:
>> Even with that patch to rename openssl10 back to openssl we still need to solve
>> the openssl-native which wasn't reverted back to 1.0.
>>
>> Upstream nodejs isn't going to be openssl-1.1 for a bit longer as explained:
>> https://github.com/nodejs/node/pull/14761
>
> I wanted to pull out a specific comment from the above link that shows one of
> the reasons why OpenSSL 1.1 support is delayed by many:
>
> 7 days ago: shigeki commented:
>> We're also waiting for FIPS support of 1.1.x. They are now working on it as https://www.openssl.org/blog/blog/2017/07/25/fips/.> ...
>
> Until the OpenSSL 1.1.x FIPS work is further along, a lot of projects (and major
> distributions) are going to wait to deploy it.
What I don't understand is why node even cares about FIPS? FIPS
compliance is needed to win software supplier contracts with one certain
government; I haven't seen any other reasons.
Another point is that getting FIPS done will take a very long time,
possibly two years or more, and this work is just starting now with no
clear funding or completion date (see the openssl blog link). Meanwhile,
all major desktop linux distros have 1.1 by default already; seems to me
that they don't care.
Alex
More information about the Openembedded-core
mailing list