You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@geode.apache.org by "Jacob S. Barrett (JIRA)" <ji...@apache.org> on 2017/06/27 16:43:00 UTC

[jira] [Commented] (GEODE-3093) Update support for OpenSSL to 1.1

    [ https://issues.apache.org/jira/browse/GEODE-3093?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16065095#comment-16065095 ] 

Jacob S. Barrett commented on GEODE-3093:
-----------------------------------------

Upgrading to OpenSSL 1.1.0 requires removal of ACE_SSL and rewriting of all uses of OpenSSL methods. OpenSSL 1.1.0 hides all implementation behind incomplete structs and adds many new functions for accessing the values in these structs. The effort is quick expensive and may be better suited for a later date. 

I propose we update to OpenSSL 1.0.2 LTS, which carries support until end of 2019 [https://www.openssl.org/policies/releasestrat.html]. Open SSL 1.1.0 ends support in 2018. This allows us to stay current with OpenSSL while avoiding a rush to remove internals, like ACE_SSL, ACE_DLL, and rewrite the SSL and DH classes. We can focus on removing those items over the next few releases and then when OpenSSL 1.2.0 LTS releases we can make the jump.



> Update support for OpenSSL to 1.1
> ---------------------------------
>
>                 Key: GEODE-3093
>                 URL: https://issues.apache.org/jira/browse/GEODE-3093
>             Project: Geode
>          Issue Type: Improvement
>          Components: docs, native client
>            Reporter: Jacob S. Barrett
>            Assignee: Jacob S. Barrett
>
> OpenSSL's current stable line is 1.1 and we should update our support to that line for security purposes.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)