Upcoming OpenSSL 1.1.0 release

Chris chrcoluk at gmail.com
Mon Aug 29 09:15:40 UTC 2016


Dirk, it won't be as messy as the havoc it can cause on production
machines.  There are several ports which have multiple versions without
a mess, I do not see why openssl would be any different as the version
used can be put in the make.conf.

I just had a quick glance at the 1.2 changelog, and it will be a bad
idea to put this in ports replacing 1.0.2, 1.0.2 is an LTS release and
in addition 1.1.10 disables RC4 and 3des, whilst those ciphers are old
there are legitimate reasons for sysadmins to support use of those
ciphers for a while longer.

Remember we don't all run FreeBSD as a hobby, some of us use this in
production where we are responsible for making sure things work in a
commercial environment.  Decisions have to be made carefully with this
in mind.

Also 1.1.0 is not fully backwards compatible with 1.0.x meaning
everything compiled against it has to be recompiled, which was not the
case when moving upwards on minor version revisions, it seems not much
thought has been put into these gotchas as I saw an upgrade was
attempted only yesterday.

So I stress again, openssl needs two separate ports, one for 1.1.x and
another for 1.0.x.

On 23 August 2016 at 12:09, Dirk Meyer <dirk.meyer at dinoex.sub.org> wrote:
>
>
>> I am excited about openssl 1.1 but I am not sure if it is right to just
>> jump the security/openssl port to it, maybe make a new
>> security/openssl11 port?
>>
>> Or move the default port but add a new security/openssl10 port for 1.0.2.
>
> this would only increase the mess we have,
> and create only more conflicts between libssl.so versions.
>
> We have done this for openssl 0.9x before, not with good results.
>
> kind regards Dirk
>
> - Dirk Meyer, Im Grund 4, 34317 Habichtswald, Germany
> - [dirk.meyer at dinoex.sub.org],[dirk.meyer at guug.de],[dinoex at FreeBSD.org]

