-
-
Notifications
You must be signed in to change notification settings - Fork 14.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
openssl_1_1 mark as insecure/remove before 23.05 branchoff #210452
Comments
This comment was marked as outdated.
This comment was marked as outdated.
This comment was marked as outdated.
This comment was marked as outdated.
Apparently this https://github.com/loqs/PACKAGES-OSSL3 exists, which might come in handy |
This includes the following upstream changes: * tvl/cl/7818: bump of all Rust dependency versions * tvl/cl/7819: bump of version number to current revision Prompted by #210452
|
|
This includes the following upstream changes: * tvl/cl/7818: bump of all Rust dependency versions * tvl/cl/7819: bump of version number to current revision Prompted by NixOS#210452
As OpenSSL 1.1.1 will reach end of life on 11 Sep 2023. Reference: NixOS#210452
As OpenSSL 1.1.1 will reach end of life on 11 Sep 2023. Reference: NixOS#210452
As OpenSSL 1.1.1 will reach end of life on 11 Sep 2023. Reference: #210452
Not sure if I'm just doing this wrong, but {
packageOverrides = pkgs: rec {
openssl = pkgs.openssl_legacy;
};
} fails due to infinite recursion. Should we instead have |
This should work with an overlay, I think. Are you sure you want to enable the legacy provider for everything that you're building though? |
OpenSSL 1.1.1 (we call it
openssl_1_1
) will reach end of life on 11 Sep 2023.This means we should either mark it insecure or ideally completely remove it before the 23.11 release.
The default was already switched in #150093, so most thing should use
openssl_3
now.For applications that support the OpenSSL 3 API, but need old and broken cryptography, there's also
openssl_legacy
, which will be supported, because it's justopenssl_3
but with the legacy crypto provider enabled.This is a tracking issue to reference and coordinate this work.
cc @NickCao
The text was updated successfully, but these errors were encountered: