On 9 Dec 2024, at 17:38, Ilya Maximets wrote:
> OpenSSL 1.1.0 reached EoL 5 years ago on 11 Sep 2019. Vast majority
> of distributions moved to newer versions long time ago.
>
> OpenSSL 1.1.1 introduced a lot of new APIs and deprecated a lot of
> old ones. It also introduced support for TLSv1.3 with a pack of
> APIs specific to that version.
>
> Requiring OpenSSL 1.1.1 or newer will allow us to get rid of use of
> many deprecated APIs as well as introduce explicit support for TLSv1.3
> without polluting the code with conditional compiling.
>
> Python community did an exceptional investigation on benefits of
> dropping support for OpenSSL 1.1.0 when they did the same in 2021:
> https://peps.python.org/pep-0644/
>
> We do not officially support building with LibreSSL, but all the
> ifdefs for it are not necessary today, as LibreSSL implemented all
> the missing APIs. Also, most major distributions either moved away
> from LibreSSL or provide OpenSSL as an alternative.
>
> This commit only removes explicit workarounds. We'll start replacing
> deprecated APIs in the next ones.
>
> OpenSSL 1.1.1 also reached end of life in 2023, but it's not a big
> burden to support, and many distributions are still using it and
> will continue using it for quite some time.
>
> Signed-off-by: Ilya Maximets <[email protected]>
Patchwork did not like the cover letter ACK, so will ack them individually.
Acked-by: Eelco Chaudron <[email protected]>
_______________________________________________
dev mailing list
[email protected]
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
