To be honest, I think we are *stuck* with OpenSSL 1.0.2 until Serf is upgraded to support 1.1
> On Nov 10, 2021, at 12:22 PM, Matthias Seidel <[email protected]> > wrote: > > Am 10.11.21 um 18:05 schrieb Jim Jagielski: >> Ugg ugg and double ugg >> >> We seem to be stuck in a chicken-and-egg situation. >> >> Do we *really* need OpenSSL 1.1? Because even the latest release of serf >> doesn't really support that. >> >> What is the issue w/ using OpenSSL 1.0.2 that is driving us to OpenSSL 1.1? > > The main problem is that Let's Encrypt root certificates expired at the > end of October and OpenSSL 1.0.2 has problems with the new ones: > > https://www.openssl.org/blog/blog/2021/09/13/LetsEncryptRootCertExpire/ > > For whatever reason it still works on Windows, but AOO on Linux and > macOS cannot connect to our Update Feed and the extensions site anymore. > > Workaround 3 (mentioned in the article) would be a possibility to fix > that on the server side. > >> >> PS: OpenSSL is universally, IMO, becoming a major PITA. I'm all for upgrades >> and keeping things fresh, but it seems like it is moving way too fast for >> its consumers. >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: [email protected] >> For additional commands, e-mail: [email protected] >> > --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
