Openembedded Core Discussions
 help / color / mirror / Atom feed
From: Mark Hatle <mark.hatle@windriver.com>
To: Khem Raj <raj.khem@gmail.com>
Cc: "Gupta, Rahul KumarXX" <rahul.kumarxx.gupta@intel.com>,
	"openembedded-core@lists.openembedded.org"
	<openembedded-core@lists.openembedded.org>
Subject: Re: openssl: OpenSSL 1.1.x update
Date: Thu, 6 Oct 2016 10:39:53 -0500	[thread overview]
Message-ID: <89015693-dfeb-5b47-7c2b-386c85571dec@windriver.com> (raw)
In-Reply-To: <4F081825-2EC8-4F85-9E55-1E24F215723D@gmail.com>

On 10/6/16 10:22 AM, Khem Raj wrote:
> 
>> On Oct 6, 2016, at 7:21 AM, Mark Hatle <mark.hatle@windriver.com> wrote:
>>
>> On 10/5/16 9:59 PM, Khem Raj wrote:
>>> On Wed, Oct 5, 2016 at 7:33 PM, Mark Hatle <mark.hatle@windriver.com> wrote:
>>>> On 10/5/16 9:11 PM, Tan, Raymond wrote:
>>>>> Greetings, I would like to know if there is any plan / schedule to upgrade to openssl 1.1.0 into OE-core?
>>>>
>>>> Currently 1.0.2 is the LTS version of OpenSSL.  1.1.0 is not scheduled to be LTS.
>>>>
>>>> For the upcoming release (soon), I would NOT expect 1.1.0 to be in it.  There
>>>> are still too many incompatibilities with other components.
>>>>
>>>> For the next version of OE, I think it is appropriate to include 1.1.0, but I
>>>> would also like to maintain 1.0.2 for the time being.  (Beside LTS, it also is
>>>> still the only way to have FIPS-140-2 module, as there is currently no module in
>>>> the 1.1.0 -- and there may not be for a while.)
>>>
>>> What do we get with 1.1.0 ?
>>
>> Latest and greatest code of course.. :)
>>
>> Reality, not a lot more over 1.0.2... there are some significant redesigns that
>> should help improve overall security of the OpenSSL library and items using the
>> library.  But various things will have to be updated to make use of this.
>>
>> The OpenSSL community itself is looking at 1.1.0 as a transition to newer and
>> better design/api/etc... which is why it is not marked as a LTS release.
> 
> api changes can be a bothersome point from integration POV, do we know if there
> are some forwarded porting incompatibilities in APIs already?

I have not investigated it, as my focus has been on the LTS version at this point.

--Mark

>>
>> Beside my basic understanding (above) there should be information as part of the
>> 1.1.0 release notes.
>>
>> --Mark
>>
>>>>
>>>> --Mark
>>>>
>>>>> Thanks!
>>>>>
>>>>> Raymond Tan
>>>>>
>>>>
>>>> --
>>>> _______________________________________________
>>>> Openembedded-core mailing list
>>>> Openembedded-core@lists.openembedded.org
>>>> http://lists.openembedded.org/mailman/listinfo/openembedded-core
>>
> 



  reply	other threads:[~2016-10-06 15:39 UTC|newest]

Thread overview: 10+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2016-10-06  2:11 openssl: OpenSSL 1.1.x update Tan, Raymond
2016-10-06  2:33 ` Mark Hatle
2016-10-06  2:59   ` Khem Raj
2016-10-06 14:21     ` Mark Hatle
2016-10-06 15:22       ` Khem Raj
2016-10-06 15:39         ` Mark Hatle [this message]
2016-10-13 10:35           ` Tan, Raymond
2016-10-13 10:49             ` Hatle, Mark
2016-12-13 16:00           ` Alexander Kanavin
2016-10-06  2:44 ` Paul Eggleton

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=89015693-dfeb-5b47-7c2b-386c85571dec@windriver.com \
    --to=mark.hatle@windriver.com \
    --cc=openembedded-core@lists.openembedded.org \
    --cc=rahul.kumarxx.gupta@intel.com \
    --cc=raj.khem@gmail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox