From Fedora Project Wiki

Revision as of 09:50, 13 September 2016 by Tmraz

OpenSSL 1.1.0

Summary

Rebase of OpenSSL package to 1.1.0 version

Owner

  • Name: Tomáš Mráz

  • Email: tmraz@redhat.com
  • Release notes owner:

Current status

  • Targeted release: Fedora 26
  • Last updated: 2016-09-13
  • Tracker bug: <will be assigned by the Wrangler>

Detailed Description

Update the OpenSSL library in Fedora to the 1.1.0 branch to bring multiple big improvements, new cryptographic algorithms, and a new API that allows for keeping ABI stability in future upgrades. We will also add a compat openssl102 package so that applications and other dependencies which are not yet ported to the new API continue to work.

Benefit to Fedora

The main benefit is being able to keep up with any improvements that upstream development of OpenSSL brings. The old 1.0.2 branch will get only bug fixes and security fixes. To get any new features we need to rebase to the 1.1.0 branch, which brings the long-awaited API/ABI cleanup.

Scope

  • Proposal owners: Prepare and test the rebased openssl package. Prepare and test the compat openssl102 package. Help with patching and rebuilding dependent packages.
  • Other developers: Patch and rebuild your package if it uses the OpenSSL library (the proposal owner will help).
  • Release engineering: N/A unless we decide that a separate branch is needed. A mass rebuild will not help, as the packages have to be patched for the API changes.
  • Policies and guidelines: N/A
  • Trademark approval: N/A

Upgrade/compatibility impact

There should be no impact except for the continued removal/deprecation of old insecure algorithms and protocols, which we have already performed in multiple OpenSSL updates.

How To Test

If your application uses OpenSSL to communicate via TLS or perform other tasks that use cryptographic algorithms from OpenSSL, please test whether it continues to work properly.

User Experience

N/A

Dependencies

To be filled in later.

Contingency Plan

  • Contingency mechanism: Revert OpenSSL back to the 1.0.2 branch and rebuild the packages that were previously rebuilt with the 1.1.0 package.
  • Contingency deadline: Beta
  • Blocks release? No
  • Blocks product? No

Documentation

[1.1.0 branch ChangeLog]

[API changes documentation]

Release Notes