[OE-core] [RFC PATCH 00/10] Add openssl 1.1

Davis, Michael michael.davis at essvote.com
Wed May 10 15:34:05 UTC 2017


Sitting on 2.3 wouldn't be too much of an issue for me, but I can't speak for others that may be in the same situation.
Do these patches / new versions require 1.1.0 or break backwards compatibility with 1.0.2?
It would be nice if it could be handled by the PREFERRED_VERSION/PREFERRED_PROVIDER.



-----Original Message-----
From: Alexander Kanavin [mailto:alexander.kanavin at linux.intel.com] 
Sent: Wednesday, May 10, 2017 10:16 AM
To: Davis, Michael; openembedded-core at lists.openembedded.org
Subject: Re: [OE-core] [RFC PATCH 00/10] Add openssl 1.1

On 05/10/2017 06:02 PM, Davis, Michael wrote:
> Won't this cause a lot of issues for those of us that require FIPS?
> I don't think 1.1 is expected to get FIPS support for some time.

https://www.openssl.org/blog/blog/2016/07/20/fips/#comment-3277656289
"There's been a delay on starting due to a priority focus on finishing 
the TLS 1.3 implementation; we're still waiting on a final TLS 1.3 spec.

Schedule estimates are difficult, not only because we haven't actually 
started yet but because the FIPS 140 validation process is notoriously 
unpredictable. Based on the first five open source based validations I 
would be surprised to see a final approved validation in less than two 
years after we start, but my prognostications have been wrong before."


Would you be okay with staying on yocto 2.3 release until this is 
resolved? Otherwise, this can be delayed somewhat, but "we haven't 
started yet; we have no idea how long it's gonna take; probably two 
years or more" does not seem like a reasonable ask. There are other 
users of oe-core, who do not care about FIPS, and at the same time do 
want to have 1.1.

Alex



