On 08/18/2017 08:56 PM, Mark Hatle wrote:
Even with that patch to rename openssl10 back to openssl we still need to solve
the openssl-native which wasn't reverted back to 1.0.
Upstream nodejs isn't going to be openssl-1.1 for a bit longer as explained:
https://github.com/nodejs/node/pull/14761
I wanted to pull out a specific comment from the above link that shows one of
the reasons why OpenSSL 1.1 support is delayed by many:
7 days ago: shigeki commented:
We're also waiting for FIPS support of 1.1.x. They are now working on it as
https://www.openssl.org/blog/blog/2017/07/25/fips/.> ...
Until the OpenSSL 1.1.x FIPS work is further along, a lot of projects (and major
distributions) are going to wait to deploy it.
What I don't understand is why node even cares about FIPS? FIPS
compliance is needed to win software supplier contracts with one certain
government; I haven't seen any other reasons.
Another point is that getting FIPS done will take a very long time,
possibly two years or more, and this work is just starting now with no
clear funding or completion date (see the openssl blog link). Meanwhile,
all major desktop linux distros have 1.1 by default already; seems to me
that they don't care.
Alex
--
_______________________________________________
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core
