You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by Mark Thomas <ma...@apache.org> on 2022/03/15 20:40:10 UTC
Tomcat Native and minimum OpenSSL version
Hi all,
We currently have the following text in the VERSIONS file for Tomcat Native:
=============
The current minimum versions are:
- OpenSSL 1.0.2
- APR 1.4.3
...
It is current anticipated that Tomcat Native releases will transition to
1.3.x
after April 2021 when the minimum version will become OpenSSL 1.1.0 and
APR 1.5.2.
==============
This change was driven by Ubuntu 16.04 reaching EOL in April 2021.
However, Debian 9 reaches EOL in June this year which would allow us to
move to:
OpenSSL 1.1.1
APR 1.6.x
As I am about to prepare a Tomcat Native release do we want to make the
switch to 1.3.0 now or wait until after June and go straight to 1.1.1/1.6.x?
Thoughts?
Mark
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
Re: Tomcat Native and minimum OpenSSL version
Posted by Coty Sutherland <cs...@apache.org>.
On Wed, Mar 16, 2022 at 11:21 AM Christopher Schultz <
chris@christopherschultz.net> wrote:
> Mark,
>
> On 3/15/22 16:40, Mark Thomas wrote:
> > Hi all,
> >
> > We currently have the following text in the VERSIONS file for Tomcat
> > Native:
> >
> > =============
> > The current minimum versions are:
> > - OpenSSL 1.0.2
> > - APR 1.4.3
> >
> > ...
> >
> > It is current anticipated that Tomcat Native releases will transition to
> > 1.3.x
> > after April 2021 when the minimum version will become OpenSSL 1.1.0 and
> > APR 1.5.2.
> > ==============
> >
> >
> > This change was driven by Ubuntu 16.04 reaching EOL in April 2021.
> > However, Debian 9 reaches EOL in June this year which would allow us to
> > move to:
> > OpenSSL 1.1.1
> > APR 1.6.x
> >
> >
> > As I am about to prepare a Tomcat Native release do we want to make the
> > switch to 1.3.0 now or wait until after June and go straight to
> > 1.1.1/1.6.x?
>
> +1 to doing a tcnative release right now (!!).
>
> I think we should not change anything until June and then go directly to
> 1.1.1.
>
+1 for a release and waiting until June too.
Re: Tomcat Native and minimum OpenSSL version
Posted by Christopher Schultz <ch...@christopherschultz.net>.
Mark,
On 3/15/22 16:40, Mark Thomas wrote:
> Hi all,
>
> We currently have the following text in the VERSIONS file for Tomcat
> Native:
>
> =============
> The current minimum versions are:
> - OpenSSL 1.0.2
> - APR 1.4.3
>
> ...
>
> It is current anticipated that Tomcat Native releases will transition to
> 1.3.x
> after April 2021 when the minimum version will become OpenSSL 1.1.0 and
> APR 1.5.2.
> ==============
>
>
> This change was driven by Ubuntu 16.04 reaching EOL in April 2021.
> However, Debian 9 reaches EOL in June this year which would allow us to
> move to:
> OpenSSL 1.1.1
> APR 1.6.x
>
>
> As I am about to prepare a Tomcat Native release do we want to make the
> switch to 1.3.0 now or wait until after June and go straight to
> 1.1.1/1.6.x?
+1 to doing a tcnative release right now (!!).
I think we should not change anything until June and then go directly to
1.1.1.
-chris
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org