Date:      Sat, 9 Jan 2021 12:11:33 +0100
From:      Miroslav Lachman <000.fbsd@quip.cz>
To:        John Baldwin <jhb@FreeBSD.org>, Andrew Gallatin <gallatin@cs.duke.edu>, freebsd-arch@FreeBSD.org, Rick Macklem <rmacklem@uoguelph.ca>, Allan Jude <allanjude@freebsd.org>
Subject:   Re: Should we enable KERN_TLS on amd64 for FreeBSD 13?
Message-ID:  <c794ff66-ff63-ee89-b461-b796f3de0365@quip.cz>
In-Reply-To: <20210109022409.GL31099@funkthat.com>
References:  <8eff83e5-49bc-d410-626e-603c03877b80@cs.duke.edu> <20210108214446.GJ31099@funkthat.com> <4fe4a57c-8c43-a677-4872-d0671104c414@FreeBSD.org> <20210109022409.GL31099@funkthat.com>

On 09/01/2021 03:24, John-Mark Gurney wrote:
> John Baldwin wrote this message on Fri, Jan 08, 2021 at 17:03 -0800:

[...]

> Considering that 1.1.1 support will end long before the support time of
> 13-current ends, that's only two+ years of work to merge supported
> patches, then we're on our own anyways..
> 
>> Personally, it would make my life a bit happier as a developer using
>> KTLS for it to at least be in GENERIC by default, but that's a pretty
>> narrow use case. :)
> 
> I forget about the OpenSSL status in ports, do all ports that use
> OpenSSL use ports OpenSSL?  I guess not, because git-lite didn't
> install OpenSSL, but supports https...
> 
> If none (almost none) of the FreeBSD software (or ports) uses it by
> default, then my vote changes to 3, which is to not enable it.

AFAIK all ports use base OpenSSL.
I have had a question for a long time - what is the benefit of having ports
built with base OpenSSL instead of ports OpenSSL? For example, for
FreeBSD 11.4 it makes many ports unbuildable because base OpenSSL is
1.0 but many ports need 1.1.1.
I was using PC-BSD on desktop where all ports were built with LibreSSL,
then I switched ports in our poudriere builder for servers to use
OpenSSL from ports because we needed a newer version (newer features).
Everything works fine on 25+ machines on FreeBSD 11.4 with OpenSSL 1.1.1
from ports.
So why are ports not built with OpenSSL from ports by default? Can it
cause some problems in some edge cases?

Kind regards
Miroslav Lachman


