[OE-core] openssl10 unusable for many components
Martin Jansa
martin.jansa at gmail.com
Fri Aug 18 18:55:27 UTC 2017
I don't know why they care about it, but yes it will take long time:
https://www.openssl.org/blog/blog/2017/08/17/fips/
On Fri, Aug 18, 2017 at 8:41 PM, Alexander Kanavin <
alexander.kanavin at linux.intel.com> wrote:
> On 08/18/2017 08:56 PM, Mark Hatle wrote:
>
>> Even with that patch to rename openssl10 back to openssl we still need to
>>> solve
>>> the openssl-native which wasn't reverted back to 1.0.
>>>
>>> Upstream nodejs isn't going to be openssl-1.1 for a bit longer as
>>> explained:
>>> https://github.com/nodejs/node/pull/14761
>>>
>>
>> I wanted to pull out a specific comment from the above link that shows
>> one of
>> the reasons why OpenSSL 1.1 support is delayed by many:
>>
>> 7 days ago: shigeki commented:
>>
>>> We're also waiting for FIPS support of 1.1.x. They are now working on it
>>> as https://www.openssl.org/blog/blog/2017/07/25/fips/.> ...
>>>
>>
>> Until the OpenSSL 1.1.x FIPS work is further along, a lot of projects
>> (and major
>> distributions) are going to wait to deploy it.
>>
>
> What I don't understand is why node even cares about FIPS? FIPS compliance
> is needed to win software supplier contracts with one certain government; I
> haven't seen any other reasons.
>
> Another point is that getting FIPS done will take a very long time,
> possibly two years or more, and this work is just starting now with no
> clear funding or completion date (see the openssl blog link). Meanwhile,
> all major desktop linux distros have 1.1 by default already; seems to me
> that they don't care.
>
> Alex
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openembedded.org/pipermail/openembedded-core/attachments/20170818/ff89b93c/attachment-0002.html>
More information about the Openembedded-core
mailing list