require OpenSSL >= 1.0.2 and LibreSSL >= 3.1 #396

Merged
merged 4 commits into from
Apr 4, 2021

Commits on Apr 4, 2021

  1. require OpenSSL >= 1.0.2 and LibreSSL >= 3.1

    Clean up old version guards in preparation for the upcoming OpenSSL 3.0
    support.
    
    OpenSSL 1.0.1 reached its EOL on 2016-12-31. At that time, we decided
    to keep 1.0.1 support because many major Linux distributions were still
    shipped with 1.0.1. Now, nearly 4 years later, most Linux distributions
    are reaching their EOL and it should be safe to assume nobody uses them
    anymore. Major ones that were using 1.0.1:
    
     - Ubuntu 14.04 is EOL since 2019-04-30
     - RHEL 6 will reach EOL on 2020-11-30
    
    LibreSSL 3.0 and older versions are no longer supported by the LibreSSL
    team as of October 2020.
    
    Note that OpenSSL 1.0.2 also reached EOL on 2019-12-31 and 1.1.0 also
    did on 2018-08-31.
    rhenium committed Apr 4, 2021
    c055938
  2. ssl: call SSL_CTX_set_ecdh_auto() on OpenSSL 1.0.2 only

    SSL_CTX_set_ecdh_auto() exists in OpenSSL 1.1.0 and LibreSSL 2.6.1, but
    it is made no-op and the automatic curve selection cannot be disabled.
    Wrap it with ifdef to make it clear that it is safe to remove it
    completely when we drop support for OpenSSL 1.0.2.
    rhenium committed Apr 4, 2021
    2ae8f21
  3. ssl: use TLS_method() instead of SSLv23_method() for LibreSSL

    LibreSSL 2.2.2 introduced TLS_method(), but with different semantics
    from OpenSSL: TLS_method() enabled TLS >= 1.0 while SSLv23_method()
    enabled all available versions, which included SSL 3.0 in addition.
    
    However, LibreSSL 2.3.0 removed SSL 3.0 support completely and now
    TLS_method() and SSLv23_method() are equivalent.
    rhenium committed Apr 4, 2021
    3b7d704
  4. ossl.c: do not set locking callbacks on LibreSSL

    Similarly to OpenSSL >= 1.1.0, LibreSSL 2.9.0 ensures thread safety
    without requiring applications to set locking callbacks and made
    related functions no-op.
    rhenium committed Apr 4, 2021
    7276233
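
The version floors and legacy code paths named in these commit messages can be checked against the library banners found on hosts. The following is an added example, not code from this pull request or the project: the method names, hash keys and sample banners are hypothetical or constructed, and only the thresholds (OpenSSL 1.0.2, OpenSSL 1.1.0, LibreSSL 3.1) come from the messages above.

```ruby
# Added example: floors and legacy thresholds come from the commit messages
# above; every method and key name here is hypothetical.
MINIMUMS = { "OpenSSL" => [1, 0, 2], "LibreSSL" => [3, 1, 0] }.freeze

# Constructed sample banners in the style of OpenSSL::OPENSSL_LIBRARY_VERSION.
SAMPLE_BANNERS = [
  "OpenSSL 1.0.1u  22 Sep 2016",
  "OpenSSL 1.0.2u  20 Dec 2019",
  "OpenSSL 1.1.1k  25 Mar 2021",
  "LibreSSL 3.0.2",
  "LibreSSL 3.1.0",
  "BoringSSL",
].freeze

# Parse a banner into [vendor, [major, minor, fix]]; nil if unrecognised.
# A trailing patch letter such as the "u" in "1.0.2u" is ignored.
def parse_banner(banner)
  m = /\A(OpenSSL|LibreSSL)\s+(\d+)\.(\d+)\.(\d+)/.match(banner.to_s)
  return nil unless m
  [m[1], m[2..4].map(&:to_i)]
end

# Classify a banner against the floors and report whether the two legacy
# paths from the commits (SSL_CTX_set_ecdh_auto() call, locking callbacks)
# still apply. Both are only meaningful on OpenSSL older than 1.1.0.
def classify(banner)
  vendor, ver = parse_banner(banner)
  return { supported: false, reason: "unrecognised banner" } unless vendor
  min = MINIMUMS.fetch(vendor)
  if (ver <=> min) < 0
    return { supported: false,
             reason: "#{vendor} #{ver.join('.')} < #{min.join('.')}" }
  end
  legacy = vendor == "OpenSSL" && (ver <=> [1, 1, 0]) < 0
  { supported: true, vendor: vendor, version: ver,
    ecdh_auto_call: legacy, locking_callbacks: legacy }
end

# Banners that fall below the floors or cannot be identified.
def unsupported(banners)
  banners.reject { |b| classify(b)[:supported] }
end

if __FILE__ == $PROGRAM_NAME
  SAMPLE_BANNERS.each { |b| puts "#{b.inspect} => #{classify(b)}" }
end
```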