Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 21 Mar 2018 19:09:16 +0100
From:      Bernard Spil <brnrd@FreeBSD.org>
To:        Mathieu Arnold <mat@freebsd.org>
Cc:        freebsd-ports@freebsd.org
Subject:   Re: Intent to update security/openssl-devel to 1.1.1
Message-ID:  <3958360768d443a6964f781598a37283@FreeBSD.org>
In-Reply-To: <20180321165353.aeib6uo3by73njni@ogg.in.absolight.net>
References:  <79f494bc5960dfceb97af95857e2b2dd@FreeBSD.org> <2ebfcb4f8edf8fa0c5c116ed56a9df43@FreeBSD.org> <20180321165353.aeib6uo3by73njni@ogg.in.absolight.net>
next in thread | previous in thread | raw e-mail | index | archive | help 
On 2018-03-21 17:53, Mathieu Arnold wrote:
> On Wed, Mar 21, 2018 at 04:55:59PM +0100, Bernard Spil wrote:
>> I'm open to suggestions on keeping both version 1.1.0 and 1.1.1 in the 
>> tree,
> 
> Well, there is a -devel port to keep the development version of 
> OpenSSL,
> no need to have more than one development version.

The -devel port hasn't been a -devel version since August 2017 with 
r420878. Should I have put it up for reconsidering different naming back 
then?

> At one point, someone will work on updating the non -devel port to the
> 1.1 branch, but nobody has worked on that yet.

Do you agree that we should create a security/openssl11 port so that 
users can switch to that version if they wish? That would allow me to 
update -devel to 1.1.1.p3 outright. More and more I feel like I'm 
depriving early adopters of the ability to use TLSv1.3.

Myself, I consider 1.1.0 a kind-of -devel version for lack of support in 
other ports. Analogous to OpenSSL 1.0.0 which hasn't seen widespread use 
either. 1.1.1 brings additional features, primarily TLSv1.3, that make 
it a target to be really used by e.g. web-servers.

In the background I have been working on updating security/openssl to 
1.1 branch, but little of that has been visible. Amongst others I've 
revisited the ports marked BROKEN with 1.1.

The fall-out is still too large to make this viable at this moment. 
Blocking in my opinion:
  - Qt4 & Qt5 (network)
  - MIT krb5
  - net-snmp
  - MySQL

Currently blocking but fixable by switching versions
  - Erlang 19 -> 20
  - ...

Fall-out can be seen on my poudriere bulk-builder (with thanks to 
Warwick Uni for letting me use it) https://keg.brnrd.eu/
Status for 1.1(.0) branch visible here 
https://wiki.freebsd.org/OpenSSL/1.1.0

Bernard.

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3958360768d443a6964f781598a37283>