necouchman commented on PR #510: URL: https://github.com/apache/guacamole-server/pull/510#issuecomment-2068163319
> I'm not sure I understand why it's necessary for the Docker images themselves to build their own copies of OpenSSL. We need to do this for things like FreeRDP and libssh2, where distributions tend to lag behind in terms of updates, but OpenSSL is typically widely supported and rapidly patched for security. > > Wouldn't it be better to switch to whichever OpenSSL package is provided and supported by the latest Alpine? I went back and looked at the history on this in the related Jira issues, and it looks like the situation is that Alpine 3.19 drops the OpenSSL 1.x series in favor of OpenSSL 3.x, but there's a but in the libvncclient library that, when linked against OpenSSL 3.x, results in VeNCrypt logins failing. Thus, we reverted to 1.x, and then had to pin the Alpine image to 3.18, which is the last version that includes support for the OpenSSL 1.x packages. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
