Re: [tor-bugs] #31820 [Core Tor/Tor]: Drop support for OpenSSL < 1.1.1

[Tor Bug Tracker & Wiki]

#31820: Drop support for OpenSSL < 1.1.1
--+
 Reporter:  nickm |  Owner:  nickm
 Type:  task  | Status:  needs_revision
 Priority:  Medium|  Milestone:  Tor: 0.4.3.x-final
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:  .3
Parent ID:| Points:  .2
 Reviewer:  teor  |Sponsor:
--+
Changes (by teor):

 * status:  needs_review => needs_revision


Comment:

 Replying to [comment:13 nickm]:
 > Hm. I'm not concerned about the jenkins issue per se, but I do want us
 to think longer before we have the latest versions of Tor drop support for
 still-supported debian versions.  We like relays to keep upgrading, and
 stranding a bunch of relays on tor 0.3.5.x would be at least somewhat
 troublesome.
 >
 > I don't suppose that debian/ubuntu have plans to ship openssl 1.1.1 once
 their current openssl versions are at end-of-life?

 stretch has a mix of OpenSSL 1.1 and 1.0 users, they're on 1.1.0 at the
 moment, and there are no signs that stretch will upgrade to 1.1.1:
 * https://wiki.debian.org/OpenSSL-1.1
 * https://packages.debian.org/stretch/libssl1.1
 * https://tracker.debian.org/pkg/openssl

 It seems that some packages might be blocking upgrades to 1.1.1:
 * https://wiki.debian.org/ContinuousIntegration/TriagingTips/openssl-1.1.1

 The FAQ seems to imply that jessie won't get OpenSSL 1.1, and there's no
 libssl-1.1 in jessie:
 * https://packages.debian.org/search?keywords=libssl1.1

 As for Ubuntu, bionic should have 1.1.1 soon, but it looks like xenial is
 stuck on 1.0.2g:
 * https://launchpad.net/ubuntu/+source/openssl

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #31820 [Core Tor/Tor]: Drop support for OpenSSL < 1.1.1

[Tor Bug Tracker & Wiki]

#31820: Drop support for OpenSSL < 1.1.1
--+
 Reporter:  nickm |  Owner:  nickm
 Type:  task  | Status:  merge_ready
 Priority:  Medium|  Milestone:  Tor: 0.4.3.x-final
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:  .3
Parent ID:| Points:  .2
 Reviewer:  teor  |Sponsor:
--+

Comment (by nickm):

 Hm. I'm not concerned about the jenkins issue per se, but I do want us to
 think longer before we have the latest versions of Tor drop support for
 still-supported debian versions.  We like relays to keep upgrading, and
 stranding a bunch of relays on tor 0.3.5.x would be at least somewhat
 troublesome.

 I don't suppose that debian/ubuntu have plans to ship openssl 1.1.1 once
 their current openssl versions are at end-of-life?

 In any case, let's consider this in the new year.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #31820 [Core Tor/Tor]: Drop support for OpenSSL < 1.1.1

[Tor Bug Tracker & Wiki]

#31820: Drop support for OpenSSL < 1.1.1
--+
 Reporter:  nickm |  Owner:  nickm
 Type:  task  | Status:  needs_review
 Priority:  Medium|  Milestone:  Tor: 0.4.3.x-final
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:  .3
Parent ID:| Points:  .2
 Reviewer:  teor  |Sponsor:
--+
Changes (by nickm):

 * status:  merge_ready => needs_review


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #31820 [Core Tor/Tor]: Drop support for OpenSSL < 1.1.1

[Tor Bug Tracker & Wiki]

#31820: Drop support for OpenSSL < 1.1.1
--+
 Reporter:  nickm |  Owner:  nickm
 Type:  task  | Status:  merge_ready
 Priority:  Medium|  Milestone:  Tor: 0.4.3.x-final
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:  .3
Parent ID:| Points:  .2
 Reviewer:  teor  |Sponsor:
--+

Comment (by teor):

 Hi Nick, just checking if we need to fix the jenkins jobs (#32773 ) before
 we merge this ticket?

 We might also need to move the chtuney pypy jobs off master, because they
 are stuck on xenial. I'll open a child ticket.

 #32630 and #32240 are merged.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #31820 [Core Tor/Tor]: Drop support for OpenSSL < 1.1.1

[Tor Bug Tracker & Wiki]

#31820: Drop support for OpenSSL < 1.1.1
--+
 Reporter:  nickm |  Owner:  nickm
 Type:  task  | Status:  merge_ready
 Priority:  Medium|  Milestone:  Tor: 0.4.3.x-final
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:  .3
Parent ID:| Points:  .2
 Reviewer:  teor  |Sponsor:
--+

Comment (by teor):

 These jenkins master builds will fail after this ticket merges:
 * jessie: OpenSSL 1.0.1t
 * stretch: OpenSSL 1.1.0
 * xenial: OpenSSL 1.0.2g

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #31820 [Core Tor/Tor]: Drop support for OpenSSL < 1.1.1

[Tor Bug Tracker & Wiki]

#31820: Drop support for OpenSSL < 1.1.1
--+
 Reporter:  nickm |  Owner:  nickm
 Type:  task  | Status:  merge_ready
 Priority:  Medium|  Milestone:  Tor: 0.4.3.x-final
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:  .3
Parent ID:| Points:  .2
 Reviewer:  teor  |Sponsor:
--+
Changes (by teor):

 * status:  needs_revision => merge_ready
 * actualpoints:   => .3


Comment:

 This ticket can merge after #32240 merges to tor, and #32630 merges to
 chutney.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #31820 [Core Tor/Tor]: Drop support for OpenSSL < 1.1.1

[Tor Bug Tracker & Wiki]

#31820: Drop support for OpenSSL < 1.1.1
--+
 Reporter:  nickm |  Owner:  nickm
 Type:  task  | Status:  needs_revision
 Priority:  Medium|  Milestone:  Tor: 0.4.3.x-final
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:  .2
 Reviewer:  teor  |Sponsor:
--+
Changes (by teor):

 * status:  needs_review => needs_revision


Comment:

 This looks good, but we need to fix #32240 before merging.

 I don't know what status we should use for "Merge ready, but blocked on
 another ticket".

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #31820 [Core Tor/Tor]: Drop support for OpenSSL < 1.1.1

[Tor Bug Tracker & Wiki]

#31820: Drop support for OpenSSL < 1.1.1
--+
 Reporter:  nickm |  Owner:  nickm
 Type:  task  | Status:  needs_review
 Priority:  Medium|  Milestone:  Tor: 0.4.3.x-final
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:  .2
 Reviewer:  teor  |Sponsor:
--+
Changes (by nickm):

 * status:  needs_revision => needs_review


Comment:

 I've fixed the issues on the review and pushed a new version of the
 branch.

 The usage of OPENSSL_V_SERIES(1,1,0) in the tests is intentional: I've
 added a comment about it, and I've opened #32688 for repairing the API.

 We _probably_ shouldn't merge this till we have the CI fix worked out,
 though.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #31820 [Core Tor/Tor]: Drop support for OpenSSL < 1.1.1

[Tor Bug Tracker & Wiki]

#31820: Drop support for OpenSSL < 1.1.1
--+
 Reporter:  nickm |  Owner:  nickm
 Type:  task  | Status:  needs_revision
 Priority:  Medium|  Milestone:  Tor: 0.4.3.x-final
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:  .2
 Reviewer:  teor  |Sponsor:
--+

Comment (by teor):

 Seems good, I added some comments on the PR.

 It also looks like you missed a `OPENSSL_V_SERIES(1,1,0)` in the unit
 tests.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #31820 [Core Tor/Tor]: Drop support for OpenSSL < 1.1.1

[Tor Bug Tracker & Wiki]

#31820: Drop support for OpenSSL < 1.1.1
--+
 Reporter:  nickm |  Owner:  nickm
 Type:  task  | Status:  needs_revision
 Priority:  Medium|  Milestone:  Tor: 0.4.3.x-final
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:  .2
 Reviewer:  teor  |Sponsor:
--+
Changes (by teor):

 * status:  needs_review => needs_revision


Comment:

 Replying to [comment:4 nickm]:
 > Interestingly, it appears that two of our builders are failing because
 of soon-to-be-obsolete openssl versions.  We'll need to make a decision
 about them before we merge.

 Homebrew needs to be configured to use "openssl@1.1" in .travis.yml.

 chutney is a bit more problematic. We can either:
 * patch chutney/tor/Travis to fix #32240, and stop running chutney on
 Ubuntu trusty
   * I think CHUTNEY_NET_DIR=TRAVIS_BUILD_... would be a good first step?
 * add OpenSSL 1.1 from trusty-backports to our Travis trusty config
   * trusty-backports isn't supported by ubuntu any more, so this should be
 a last resort

 I'll also do a review on the pull request.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #31820 [Core Tor/Tor]: Drop support for OpenSSL < 1.1.1

[Tor Bug Tracker & Wiki]

#31820: Drop support for OpenSSL < 1.1.1
--+
 Reporter:  nickm |  Owner:  nickm
 Type:  task  | Status:  needs_review
 Priority:  Medium|  Milestone:  Tor: 0.4.3.x-final
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:  .2
 Reviewer:  teor  |Sponsor:
--+
Changes (by dgoulet):

 * reviewer:   => teor


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #31820 [Core Tor/Tor]: Drop support for OpenSSL < 1.1.1

[Tor Bug Tracker & Wiki]

#31820: Drop support for OpenSSL < 1.1.1
--+
 Reporter:  nickm |  Owner:  nickm
 Type:  task  | Status:  needs_review
 Priority:  Medium|  Milestone:  Tor: 0.4.3.x-final
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:  .2
 Reviewer:|Sponsor:
--+

Comment (by nickm):

 Interestingly, it appears that two of our builders are failing because of
 soon-to-be-obsolete openssl versions.  We'll need to make a decision about
 them before we merge.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #31820 [Core Tor/Tor]: Drop support for OpenSSL < 1.1.1

[Tor Bug Tracker & Wiki]

#31820: Drop support for OpenSSL < 1.1.1
--+
 Reporter:  nickm |  Owner:  nickm
 Type:  task  | Status:  needs_review
 Priority:  Medium|  Milestone:  Tor: 0.4.3.x-final
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:  .2
 Reviewer:|Sponsor:
--+
Changes (by nickm):

 * status:  accepted => needs_review
 * points:   => .2


Comment:

 Branch is `ticket31820` with PR at
 https://github.com/torproject/tor/pull/1556 .

 {{{
  17 files changed, 58 insertions(+), 801 deletions(-)
 }}}

 I tested with OpenSSL, LibreSSL, and NSS.

 I didn't remove the OPENSSL_OPAQUE unit tests with this patch, since I
 want to look at them more closely and see if any can be saved.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #31820 [Core Tor/Tor]: Drop support for OpenSSL < 1.1.1

[Tor Bug Tracker & Wiki]

#31820: Drop support for OpenSSL < 1.1.1
--+
 Reporter:  nickm |  Owner:  nickm
 Type:  task  | Status:  accepted
 Priority:  Medium|  Milestone:  Tor: 0.4.3.x-final
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+

Comment (by nickm):

 (If I am reading the openbsd people right, the oldest supported version of
 libressl is 2.9.x, since that's what was released in 6.5, and only the two
 most recent openbsd releases are supported.)

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #31820 [Core Tor/Tor]: Drop support for OpenSSL < 1.1.1

[Tor Bug Tracker & Wiki]

#31820: Drop support for OpenSSL < 1.1.1
--+
 Reporter:  nickm |  Owner:  nickm
 Type:  task  | Status:  accepted
 Priority:  Medium|  Milestone:  Tor: 0.4.3.x-final
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+
Changes (by nickm):

 * status:  new => accepted
 * owner:  (none) => nickm


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs