On 8/24/18 6:15 PM, Peter Pentchev wrote: > Sorry to be the bearer of a "those OS vendors did something again and > now we have to catch up with them... again..." type of news, but, well, > the maintainers of the Debian package of OpenSSL upgraded it to > a prerelease 1.1.1 version and, in the process, changed the default > cipher selection in the openssl.cnf file to 'SECLEVEL=2'.
Debian indeed has a history of making strange changes to OpenSSL and thus breaking compatibility with the upstream package. I honestly don't think it is fair to call those modified packages "OpenSSL". Regardless of Debian, we will update the test certificates to use sha256. > if there is a "ciphers" option in the config file, stunnel eventually > dies with an error that I seem to remember having seen before; take > a look at this gdb backtrace from stunnel 5.48: This is a separate issue. I believe I manged to fix it. Please try: https://www.stunnel.org/downloads/beta/stunnel-5.49b4.tar.gz > So, yeah, what would be the best way forward here? I think the best way is wait a few days for the updated upstream stunnel package, and then proceed with packaging it. Would it be okay with you? Best regards, Mike
signature.asc
Description: OpenPGP digital signature
_______________________________________________ stunnel-users mailing list [email protected] https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
