On Sun, Aug 26, 2018 at 09:35:28PM +0200, Michal Trojnara wrote: > On 8/24/18 6:15 PM, Peter Pentchev wrote: > > Sorry to be the bearer of a "those OS vendors did something again and > > now we have to catch up with them... again..." type of news, but, well, > > the maintainers of the Debian package of OpenSSL upgraded it to > > a prerelease 1.1.1 version and, in the process, changed the default > > cipher selection in the openssl.cnf file to 'SECLEVEL=2'. > > Debian indeed has a history of making strange changes to OpenSSL and > thus breaking compatibility with the upstream package. I honestly don't > think it is fair to call those modified packages "OpenSSL".
I cannot say I disagree completely... > Regardless of Debian, we will update the test certificates to use sha256. Thanks! > > if there is a "ciphers" option in the config file, stunnel eventually > > dies with an error that I seem to remember having seen before; take > > a look at this gdb backtrace from stunnel 5.48: > > This is a separate issue. I believe I manged to fix it. Please try: > https://www.stunnel.org/downloads/beta/stunnel-5.49b4.tar.gz Yes, the changes between b3 and b4 do indeed fix this problem; many thanks for the quick reaction! > > So, yeah, what would be the best way forward here? > > I think the best way is wait a few days for the updated upstream stunnel > package, and then proceed with packaging it. Would it be okay with you? Of course, there is no hurry; apologies if my previous message somehow made it sound like there was any urgency. Thank you once again for all your work and for your understanding! G'luck, Peter -- Peter Pentchev roam@{ringlet.net,debian.org,FreeBSD.org} [email protected] PGP key: http://people.FreeBSD.org/~roam/roam.key.asc Key fingerprint 2EE7 A7A5 17FC 124C F115 C354 651E EFB0 2527 DF13
signature.asc
Description: PGP signature
_______________________________________________ stunnel-users mailing list [email protected] https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
