pkg-perl-maintainers team mailing list archive
Message #03778
[Bug 1797386] Re: [SRU] OpenSSL 1.1.1 to 18.04 LTS
** Also affects: openssl (Ubuntu Bionic)
Importance: Undecided
Status: New
** Also affects: libio-socket-ssl-perl (Ubuntu)
Importance: Undecided
Status: New
** Also affects: libnet-ssleay-perl (Ubuntu)
Importance: Undecided
Status: New
** Also affects: nova (Ubuntu)
Importance: Undecided
Status: New
** Also affects: python-cryptography (Ubuntu)
Importance: Undecided
Status: New
** Also affects: python2.7 (Ubuntu)
Importance: Undecided
Status: New
** Also affects: python3.6 (Ubuntu)
Importance: Undecided
Status: New
** Also affects: python3.7 (Ubuntu)
Importance: Undecided
Status: New
** Also affects: r-cran-openssl (Ubuntu)
Importance: Undecided
Status: New
** Also affects: ruby-openssl (Ubuntu)
Importance: Undecided
Status: New
** Also affects: ruby2.5 (Ubuntu)
Importance: Undecided
Status: New
** Description changed:
[Impact]
* OpenSSL 1.1.1 is an LTS release upstream, which will continue to
receive security support for much longer than 1.1.0 series will.
* OpenSSL 1.1.1 comes with support for TLS v1.3 which is expected to be
rapidly adopted due to increased set of supported hashes & algoes, as
well as improved handshake [re-]negotiation.
* OpenSSL 1.1.1 comes with improved hw-acceleration capabilities.
* OpenSSL 1.1.1 is ABI/API compatible with 1.1.0, however some software
is sensitive to the negotiation handshake and may either need
patches/improvements or clamp-down to maximum v1.2.
[Test Case]
* Rebuild all reverse dependencies
* Execute autopkg tests for all of them
* Clamp down to TLS v1.2 software that does not support TLS v1.3 (e.g.
mongodb)
* Backport TLS v1.3 support patches, where applicable
[Regression Potential]
* Connectivity interop is the biggest issues which will be unavoidable
with introducing TLS v1.3. However, tests on cosmic demonstrate that
curl/nginx/google-chrome/mozilla-firefox connect and negotiate TLS v1.3
without issues.
* Mitigation of discovered connectivity issues will be possible by
clamping down to TLS v1.2 in either server-side or client-side software
or by backporting relevant support fixes
- * Notable changes are listed here
+ * Notable changes are listed here
https://wiki.openssl.org/index.php/TLS1.3
- * Most common connectivity issues so far:
- - client verifies SNI in TLSv1.3 mode, yet client doesn't set hostname. Solution is client change to set hostname, or to clamp down the client to TLSv1.2.
+ * Most common connectivity issues so far:
+ - client verifies SNI in TLSv1.3 mode, yet client doesn't set hostname. Solution is client change to set hostname, or to clamp down the client to TLSv1.2.
- - session negotiation is different in TLSv1.3, existing client code
+ - session negotiation is different in TLSv1.3, existing client code
may fail to create/negotiate/resume session. Clients need to learn how
to use session callback.
+
+ * This update bundles python 3.6 and 3.7 point releases
[Other Info]
* Previous FFe for OpenSSL in 18.10 is at
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1793092
* TLS v1.3 support in NSS is expected to make it to 18.04 via security
updates
* TLS v1.3 support in GnuTLS is expected to be available in 19.04
* Test OpenSSL is being prepared in
https://launchpad.net/~ci-train-ppa-service/+archive/ubuntu/3473
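Review bot: the added line "+ * This update bundles python 3.6 and 3.7 point releases" sits under [Regression Potential] but does not name the point releases or say what regression risk they add on top of the OpenSSL change; state the versions and the risk, or move the line to [Other Info]. The remaining -/+ pairs in this description change appear to differ only in whitespace, so nothing else needs re-review.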
** Changed in: openssl (Ubuntu)
Status: Confirmed => In Progress
--
You received this bug notification because you are a member of Debian
Perl Group, which is subscribed to libio-socket-ssl-perl in Ubuntu.
https://bugs.launchpad.net/bugs/1797386
Title:
[SRU] OpenSSL 1.1.1 to 18.04 LTS
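An added example, not part of the original bug notification: an offline check of the two client-side fixes named under the connectivity issues (set the hostname so SNI is sent, or clamp the client to TLS v1.2), using Python's ssl module to build a ClientHello in memory and parse its extensions. The function names and the hostname example.com are constructed for illustration.

```python
import ssl
import struct

TLS1_2, TLS1_3 = 0x0303, 0x0304

def client_hello(server_hostname=None, max_tls12=False):
    """Build the ClientHello this client would send; no network I/O."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    if max_tls12:                       # the "clamp down to TLS v1.2" mitigation
        ctx.maximum_version = ssl.TLSVersion.TLSv1_2
    if server_hostname is None:         # models the client that sets no hostname
        ctx.check_hostname = False
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname=server_hostname)
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:        # expected: no server reply in the BIO
        pass
    return outgoing.read()

def parse_client_hello(record):
    """Return (sni_or_None, offered_versions) from a raw ClientHello record."""
    if record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a TLS ClientHello record")
    pos = 5 + 4                         # record header + handshake header
    legacy_version = struct.unpack_from("!H", record, pos)[0]
    pos += 2 + 32                       # legacy_version + random
    pos += 1 + record[pos]              # session_id
    pos += 2 + struct.unpack_from("!H", record, pos)[0]   # cipher_suites
    pos += 1 + record[pos]              # compression_methods
    end = pos + 2 + struct.unpack_from("!H", record, pos)[0]
    pos += 2
    sni, versions = None, [legacy_version]
    while pos + 4 <= end:
        ext_type, ext_len = struct.unpack_from("!HH", record, pos)
        body = record[pos + 4:pos + 4 + ext_len]
        if ext_type == 0:               # server_name: list_len(2) type(1) len(2) name
            name_len = struct.unpack_from("!H", body, 3)[0]
            sni = body[5:5 + name_len].decode("ascii")
        elif ext_type == 43:            # supported_versions: len(1), 2-byte versions
            versions = [struct.unpack_from("!H", body, i)[0]
                        for i in range(1, 1 + body[0], 2)]
        pos += 4 + ext_len
    return sni, versions

if __name__ == "__main__":
    for args in [("example.com", False), (None, False), ("example.com", True)]:
        sni, versions = parse_client_hello(client_hello(*args))
        print(args, "SNI:", sni, "offers:", [hex(v) for v in versions])
```

Running the same parser over a packet capture of a failing client shows whether the missing hostname or the offered version list is the cause before choosing between the two fixes.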