From: Lonnie A. <li...@lo...> - 2023-11-21 20:14:32

Hi Michael,

The team has discussed what it would take to switch to OpenSSL 3.0.x. Sadly it is never simple.

AstLinux has about 32 packages that use OpenSSL.

For the OpenSSL 1.0.2 -> 1.1.1 transition (2018-2019) every package required code changes to use OpenSSL 1.1.1. As such it took almost a year after the 1.0.2 EOL date before 1.1.1 was a practical replacement.

For the OpenSSL 1.1.1 -> 3.0.x transition (2023-2024) things are not as dire; in theory many/most packages should compile without changes but generate deprecation warnings at compile time. Very few packages natively support OpenSSL 3.0.x. We will know more when we dig into the issue.

The good news is Debian supports OpenSSL 1.1.1 in both buster (security) and bullseye (security) [1]. If there are any major CVEs discovered in 1.1.1, fixes should appear as patches until we can switch to 3.0.x.

Keep in mind that newer does not imply better. For example OpenVPN CVE-2023-46850 [2] does not affect OpenVPN 2.4.x or 2.5.x.

Lonnie

[1] https://security-tracker.debian.org/tracker/source-package/openssl
[2] https://security-tracker.debian.org/tracker/CVE-2023-46850

> On Nov 21, 2023, at 1:36 AM, Michael Knill <mic...@ip...> wrote:
>
> Just wondering how this is going to affect Astlinux and specifically OpenVPN which I use quite a bit.
> I know pfSense has moved to OpenSSL 3.0 for this reason and it was not an easy update?
>
> Regards
>
> Michael Knill
> Managing Director
>
> D: +61 2 6189 1360
> P: +61 2 6140 4656
> E: mic...@ip...
> W: ipcsolutions.com.au
>
> Smarter Business Communications