From owner-freebsd-ports@freebsd.org Tue Aug 23 12:47:24 2016 Return-Path: Delivered-To: freebsd-ports@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 9DAEDBC3932 for ; Tue, 23 Aug 2016 12:47:24 +0000 (UTC) (envelope-from fbsd@xtaz.co.uk) Received: from mailman.ysv.freebsd.org (unknown [127.0.1.3]) by mx1.freebsd.org (Postfix) with ESMTP id 8604D1D0B for ; Tue, 23 Aug 2016 12:47:24 +0000 (UTC) (envelope-from fbsd@xtaz.co.uk) Received: by mailman.ysv.freebsd.org (Postfix) id 85772BC3931; Tue, 23 Aug 2016 12:47:24 +0000 (UTC) Delivered-To: ports@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 851A0BC3930 for ; Tue, 23 Aug 2016 12:47:24 +0000 (UTC) (envelope-from fbsd@xtaz.co.uk) Received: from mail.xtaz.uk (tao.xtaz.uk [IPv6:2001:8b0:fe33::10]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 45D541D08; Tue, 23 Aug 2016 12:47:23 +0000 (UTC) (envelope-from fbsd@xtaz.co.uk) Received: by mail.xtaz.uk (Postfix, from userid 1001) id 6325E209AF4D; Tue, 23 Aug 2016 13:42:01 +0100 (BST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=xtaz.co.uk; s=mail; t=1471956121; x=1473770521; bh=FmADou9p//Vy1HUvP7G8UjLK84fhnzRtLA8ekvnrDZw=; h=Date:From:To:Cc:Subject:References:In-Reply-To; b=K77HE1WvPrE5PFtt2DpRXRt13d9niAytPKTCjtpcUEZcYTifJVi/GIS2/CUMjWkKw +p+1QuN/JMmNCOMPTsv1TFRYzEZUcyop+/nE68HPR0kcv/N9C19VCa7xsJkz7t5lTE esUe9Gj/3EObv0vbpZjAsFTU/4fJN+qLoawZVIubO8maz664i2MeL0qlVj+GCb/FYu 3JEZvDJhxShuM92XnLIfvwGgh+Ux4DtCBeEZWrDKjHOcwIKKuVOZolspyLjPSFoLxJ iQlMcs6qeecmi+hNS4Wxcq//QDqT5RxtgtIIR7oThJLIizUkJR/kk6WPavnUpOEcDT UpmM3kt8ViJyA== Date: Tue, 23 Aug 2016 13:42:01 +0100 From: Matt Smith To: Mathieu Arnold Cc: Bernard Spil , ports@freebsd.org Subject: Re: Upcoming OpenSSL 1.1.0 release Message-ID: <20160823124201.GB48814@xtaz.uk> Mail-Followup-To: Matt Smith , Mathieu Arnold , Bernard Spil , ports@freebsd.org References: <6d35459045985929d061f3c6cca85efe@imap.brnrd.eu> <0E328A9485C47045F93C19AB@atuin.in.mat.cc> MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1; format=flowed Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <0E328A9485C47045F93C19AB@atuin.in.mat.cc> User-Agent: Mutt/1.6.1 (2016-04-27) X-BeenThere: freebsd-ports@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Porting software to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 23 Aug 2016 12:47:24 -0000 On Aug 22 20:39, Mathieu Arnold wrote: >ports-committers is a *NEVER POST DIRECTLY TO* list, so, moving it to >ports@ where this belongs a lot more. > >+--On 22 août 2016 20:30:15 +0200 Bernard Spil wrote: >| Curious to know how we should procede with the upgrade of the OpenSSL >| port to 1.1.0! > >All ports need to work with it, I'm sure software like BIND9 do not build >with it. > >-- >Mathieu Arnold Going slightly off-topic, I'm curious what the opinion is around this and LibreSSL. My understanding is that LibreSSL was forked from OpenSSL 1.0.1 and they have not backported newer stuff from OpenSSL. I also believe OpenSSL now has several full time paid developers working on it and that the 1.1 release has some significant changes under the hood? I've been using LibreSSL for a while so that I can get chacha20 support but OpenSSL 1.1 will not only have chacha20, but will also have x25519 support as well. This along with what I said above is making me think it might be better to go back to OpenSSL. I just wondered what people in the know think about the current situation with these two things. Plus are there any roadmaps for the future of FreeBSD regarding the defaults. Is the project ever going to look at making LibreSSL the default port, or will that be kept as OpenSSL for many years to come? I know Bernard has been looking into that and playing around with LibreSSL in base etc. Just curious what the official policy is going to be on that. -- Matt