linuxdcpp-team team mailing list archive

Thread
Date

[Bug 1620106] Re: Upgrade to OpenSSL 1.1

To: linuxdcpp-team@xxxxxxxxxxxxxxxxxxx
From: "Francisco Blas Izquierdo Riera \(klondike\)" <franxisco1988@xxxxxxxxx>
Date: Sun, 04 Sep 2016 21:18:16 -0000
Reply-to: Bug 1620106 <1620106@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Hi,

Although I'm all in for the cool new crypto I'd like to recommend
waiting a bit (say 3 months) before  releasing a client with the new
OpenSSL version.

My point is mostly based on OpenSSL's history itself, last time a major
update happened: https://www.openssl.org/news/changelog.html#x9 and
https://www.openssl.org/news/changelog.html#x21

-- 
You received this bug notification because you are a member of
Dcplusplus-team, which is subscribed to DC++.
https://bugs.launchpad.net/bugs/1620106

Title:
  Upgrade to OpenSSL 1.1

Status in DC++:
  New

Bug description:
  https://www.openssl.org/news/changelog.html#x1 notes:
    *) Support for ChaCha20 and Poly1305 added to libcrypto and libssl.
       [Andy Polyakov]

    *) CCM support via EVP. Interface is very similar to GCM case except we
       must supply all data in one chunk (i.e. no update, final) and the
       message length must be supplied if AAD is used. Add algorithm test
       support.
       [Steve Henson]

  Which are useful to have going forward, and to be useful, to get in as
  early a version as feasible.

To manage notifications about this bug go to:
https://bugs.launchpad.net/dcplusplus/+bug/1620106/+subscriptions

References

[Bug 1620106] [NEW] Upgrade to OpenSSL 1.1
From: cologic, 2016-09-04