The version of OpenSSL that we bundle with trunk, 1.0.2p, has three CVEs and I'm attempting to upgrade it to 1.0.2t. One problem I ran into is that OpenSSL doesn't support Microsoft's assembler and now requires NASM. That will be something that we will have to add as a hard requirement for Windows.
Ideally we would upgrade to 1.1.1 because 1.0.2 goes EOL upstream at the end of the year. Unfortunately there are some API changes in 1.1.1 that break the serf build. Upgrading to the latest serf (which we should do anyway) requires scons, so this upgrade will be non-trivial. For AOO418, we really need to upgrade beyond OpenSSL 0.9.8. That version doesn't support anything newer that TLS 1.1, which is due to be deprecated in 2020. Websites will stop supporting TLS 1.1, and our users will then have problems downloading extensions and upgrades from within OpenOffice. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@openoffice.apache.org For additional commands, e-mail: dev-h...@openoffice.apache.org
