Re: [DISCUSS] Minimum version of OpenSSL

2019-02-26 Thread Masaori Koshiba
I opened a Pull Request for this. Please take a look.
https://github.com/apache/trafficserver/pull/5074

- Masaori

On Wed, Feb 27, 2019 at 6:32, Bryan Call wrote:
> +1
>
> -Bryan
>
> > On Feb 25, 2019, at 5:06 PM, Masaori Koshiba wrote:
> >
> > Our conclusion is below
> >
> > 1). Move minimum OpenSSL version of

Re: [DISCUSS] Minimum version of OpenSSL

2019-02-26 Thread Bryan Call
+1

-Bryan

> On Feb 25, 2019, at 5:06 PM, Masaori Koshiba wrote:
>
> Our conclusion is below
>
> 1). Move minimum OpenSSL version of ATS v9.0.0 to 1.0.2.
>
> 2). ATS v9.0.0 also drops support for the following platforms because of
> openssl version
>
> - CentOS 6 (OpenSSL v1.0.1e)
> - Ubuntu

Re: [DISCUSS] Minimum version of OpenSSL

2019-02-25 Thread Steven R. Feltner
This sounds like a solid plan for deprecating support for older OSes and updating our requirements for OpenSSL.

Thanks,
Steven

On 2/25/19, 9:06 PM, "Masaori Koshiba" wrote:

Our conclusion is below

1). Move minimum OpenSSL version of ATS v9.0.0 to 1.0.2.

2). ATS v9.0.0 al

Re: [DISCUSS] Minimum version of OpenSSL

2019-02-25 Thread Masaori Koshiba
Our conclusion is below

1). Move minimum OpenSSL version of ATS v9.0.0 to 1.0.2.
2). ATS v9.0.0 also drops support for the following platforms because of openssl version
   - CentOS 6 (OpenSSL v1.0.1e)
   - Ubuntu 14.04 (OpenSSL v1.0.1f)
3). ATS v8.x.x keeps OpenSSL 1.0.1 support until EOL

For th

Re: [DISCUSS] Minimum version of OpenSSL

2019-02-25 Thread Susan Hinrichs
Masaori, Sounds like good reasoning. I am completely ok with moving the minimum to 1.0.2 as long as CentOS 6 is dropped at the same time. WRT the vulnerabilities in 1.0.1, RedHat has been cherry-picking back security fixes from newer openssl's into their Openssl 1.0.1 version, so it is probabl

Re: [DISCUSS] Minimum version of OpenSSL

2019-02-24 Thread Masaori Koshiba
This is an incompatible change, so the change will be done in the next major release, ATS 9. We’re going to have OpenSSL 1.0.1 with CentOS 6 support on ATS 8 anyway. It looks like ATS 8 will reach end of life at a similar time to CentOS 6 [*1]. So people using CentOS 6 can use OpenSSL 1.0.1 and ATS 8 until late

Re: [DISCUSS] Minimum version of OpenSSL

2019-02-22 Thread Susan Hinrichs
A quick search shows only instructions for how to build openssl 1.0.2 from source on Rhel6/Centos6. If there is an epel-like rpm it does not seem to be well advertised. I'd suggest keeping the openssl minimum version to 1.0.1 until we stop support for Centos 6. On Fri, Feb 22, 2019 at 11:41 AM L

Re: [DISCUSS] Minimum version of OpenSSL

2019-02-22 Thread Leif Hedstrom
> On Feb 22, 2019, at 10:15 AM, Susan Hinrichs wrote:
>
> Definitely at least drawing the line at openssl 1.0.1 makes sense. As Leif
> notes moving to 1.0.2 for the baseline means that some supported
> distributions cannot use the system openssl. For Centos6 anyway we require
> a replacem

Re: [DISCUSS] Minimum version of OpenSSL

2019-02-22 Thread Susan Hinrichs
Definitely at least drawing the line at openssl 1.0.1 makes sense. As Leif notes moving to 1.0.2 for the baseline means that some supported distributions cannot use the system openssl. For Centos6 anyway we require a replacement for the system compiler which you can acquire from devtoolset. Is t

Re: [DISCUSS] Minimum version of OpenSSL

2019-02-22 Thread Leif Hedstrom
> On Feb 21, 2019, at 11:37 PM, Masaori Koshiba wrote:
>
> Hi all,
>
> Could we bump minimum requirements of OpenSSL version to 1.0.2 on next
> major release?
>
> I just noticed that SSLUtils says that Traffic Server requires an OpenSSL
> library version 0.9.4 or greater [*1].
> But I think