On Sat, 09-06-2018 at 10:22 +0200, Lars Wendler wrote:
> [...]
> some point.
>
> So, basically openssl is the last big showstopper for openssl-1.1 to
> get out of p.mask. There are some unofficial patches floating around in
> the WWW but each one of them has some issues and they all are not
> really small in size.
> Last time I checked, the most complete (but still to some degree
> broken) patch had 2800+ LOC and was 80K in size. This is definitely
> nothing I want to maintain as downstream, left aside the fact that
> openssh should not be messed with lightly regarding security
> implications.

Why not try to use the RedHat/Fedora patch for openssl-1.1 compat? It seems they are taking care of maintaining that patch on their side.

> My biggest concern right now is that openssh might still block
> openssl-1.1.1 once that got released. openssl-1.1.1 provides TLSv1.3
> which is something we should provide to our users as soon as possible
> and is also targeted as next LTS release.
>
> [1] https://bugs.gentoo.org/592438
> [2] https://bugs.gentoo.org/592578