On Tue, Nov 02, 2021 at 09:23:32AM +0100, ste...@eissing.org wrote: > > > Am 01.11.2021 um 15:24 schrieb Joe Orton <jor...@redhat.com>: > > > > On Sun, Oct 31, 2021 at 01:35:09PM +0100, ste...@eissing.org wrote: > >> I would like us to come to an understanding what our roadmap in > >> regard to OpenSSL 3.0 is. People keep on asking about it. > >> > >> Yesterday, I spent some hours hacking at mod_ssl and mod_md to > >> get it running. I managed to compile it, but it was not working > >> reliably. Maybe I took some wrong turns somewhere. My observations > >> below. > > > > What are you talking about exactly here? trunk should compile and run > > fine already with 3.0 except if you build OpenSSL without deprecated > > functions which AFAIK nobody sane will do, or at least, no sane > > distributor will do, because the world is not ready. > > I was trying to make it work without deprecated functions. Sorry, > to have not been more clear. If we regard 3.0 conformance including > those, then this is a non-issue, aside from actually testing that > it still works.
IMO at least it's a non-issue in the "short"-ish term. Other opinions are available ;) Maybe a good transition plan would be to drop use of the deprecated functions at the same time we drop support for versions < 3.0, to ease the pain of having to support both? Upstream say they will support 1.1.1 until the late 2023, since OS vendors will support it beyond that I'd expect there's consensus here to support it for longer. Thoughts? https://www.openssl.org/policies/releasestrat.html Regards, Joe
