news 28 Posted November 1, 2016 Hi, I just uploaded OpenSSL 1.1.0 to unstable. There are still many packages that fail to build using OpenSSL 1.1.0. For most packages it should be easy to migrate 1.1.0. The most common problems when going to OpenSSL 1.1.0 are: - configure trying to detect a function that's now a macro. - Accessing members of structures that have now become opaque. You now need to use function to get or set them. The changes required are ussually very easy and do not take a long time to implement. Many upstream projects have already done the work or are working on it. Fedora is also doing the OpenSSL 1.1.0 migration. So both places are a good place to look at to see if they have already done the work. There might also be packages for which the changes are more involved and that can't be fixed in time for the release. If you want to stay with OpenSSL 1.0.2 you need to change your Build-Depends from libssl-dev to libssl1.0-dev. I would like to encourage that at least the packages that are making use of libssl and not just libcrypto move to OpenSSL 1.1.0 because it contains important new features. It adds support for among other things of: - Extended master secret: This fixes the triple handshake problem in TLS. - Chacha20-poly1305 - X25519 If you have any problems feel free to contact us. Kurt Share this post Link to post
