Comment 0 for bug 1797386
Revision history for this message
| Dimitri John Ledkov (xnox) wrote SRU OpenSSL 1.1.1 to 18.04 LTS | #0 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
513534c
demo site
(Get the code!)
[Impact]
* OpenSSL 1.1.1 is an LTS release upstream, which will continue to receive security support for much longer than 1.1.0 series will.
* OpenSSL 1.1.1 comes with support for TLS v1.3 which is expected to be rapidly adopted due to increased set of supported hashes & algoes, as well as improved handshake [re-]negotiation.
* OpenSSL 1.1.1 comes with improved hw-acceleration capabilities.
* OpenSSL 1.1.1 is ABI/API compatible with 1.1.0, however some software is sensitive to the negotiation handshake and may either need patches/
[Test Case]
* Rebuild all reverse dependencies
* Execute autopkg tests for all of them
* Clamp down to TLS v1.2 software that does not support TLS v1.3 (e.g. mongodb)
* Backport TLS v1.3 support patches, where applicable
[Regression Potential]
* Connectivity interop is the biggest issues which will be unavoidable with introducing TLS v1.3. However, tests on cosmic demonstrate that curl/nginx/
* Mitigation of discovered connectivity issues will be possible by clamping down to TLS v1.2 in either server-side or client-side software or by backporting relevant support fixes
[Other Info]
* Previous FFe for OpenSSL in 18.10 is at
https:/
* TLS v1.3 support in NSS is expected to make it to 18.04 via security updates
* TLS v1.3 support in GnuTLS is expected to be available in 19.04