OpenSSL 1.0.1 released


OpenSSL-4
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


   OpenSSL version 1.0.1 released
   ===============================

   OpenSSL - The Open Source toolkit for SSL/TLS
   http://www.openssl.org/

   The OpenSSL project team is pleased to announce the release of
   version 1.0.1 of our open source toolkit for SSL/TLS. This new
   OpenSSL version is a new feature release. For a complete
   list of changes, please see

       http://www.openssl.org/source/exp/CHANGES.

   The most significant changes are:

      o TLS/DTLS heartbeat support.
      o SCTP support.
      o RFC 5705 TLS key material exporter.
      o RFC 5764 DTLS-SRTP negotiation.
      o Next Protocol Negotiation.
      o PSS signatures in certificates, requests and CRLs.
      o Support for password based recipient info for CMS.
      o Support TLS v1.2 and TLS v1.1.
      o Preliminary FIPS capability for unvalidated 2.0 FIPS module.
      o SRP support.

   We consider OpenSSL 1.0.1 to be the best version of OpenSSL
   available and we strongly recommend that users of older versions
   upgrade as soon as possible. OpenSSL 1.0.1 is available for
   download via HTTP and FTP from the following master locations (you
   can find the various FTP mirrors under
   http://www.openssl.org/source/mirror.html):

     * http://www.openssl.org/source/
     * ftp://ftp.openssl.org/source/

   The distribution file name is:

    o openssl-1.0.1.tar.gz
      Size: 4453920
      MD5 checksum: 134f168bc2a8333f19f81d684841710b
      SHA1 checksum: a6476d33fd38c2e7dfb438d1e3be178cc242c907

   The checksums were calculated using the following commands:

    openssl md5 openssl-1.0.1.tar.gz
    openssl sha1 openssl-1.0.1.tar.gz

   Yours,

   The OpenSSL Project Team.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [hidden email]
Automated List Manager                           [hidden email]

RE: OpenSSL 1.0.1 released

Arpadffy Zoltan
Hello,

Thank you very much for 1.0.1 release.

It builds and works perfectly on OpenVMS Alpha and IA64 architectures - as far as I could test it.

Unfortunately, it is still not possible to build on VAX architecture, because the "[openssl.org #2653] [BUG] OpenSSL 1.0.1 OpenVMS issues on VAX" is still not solved.

Thank you.

Regards,
Z

-----Original Message-----
From: OpenSSL [mailto:[hidden email]]
Sent: den 14 mars 2012 16:09
To: [hidden email]; [hidden email]; [hidden email]
Subject: OpenSSL 1.0.1 released


Re: OpenSSL 1.0.1 released

Andy Polyakov-2
> Unfortunately, it is still not possible to build on VAX architecture,
> because the "[openssl.org #2653] [BUG] OpenSSL 1.0.1 OpenVMS issues
> on VAX" is still not solved.

http://www.mail-archive.com/openssl-dev@.../msg29956.html

Re: OpenSSL 1.0.1 released

Bruce Stephens-4
In reply to this post by OpenSSL-4
[hidden email] (OpenSSL) writes:

[...]

>       o Preliminary FIPS capability for unvalidated 2.0 FIPS module.

I note that #2741 appears not to be resolved, so if you build on Windows
and use --with-fipsdir=... then that probably won't work.

[...]

Re: OpenSSL 1.0.1 released

Mike Frysinger
In reply to this post by OpenSSL-4
On Wednesday 14 March 2012 11:09:22 OpenSSL wrote:

>    OpenSSL version 1.0.1 released
>    ===============================
>
>        http://www.openssl.org/source/exp/CHANGES.
>
>    The most significant changes are:
>
>       o TLS/DTLS heartbeat support.
>       o SCTP support.
>       o RFC 5705 TLS key material exporter.
>       o RFC 5764 DTLS-SRTP negotiation.
>       o Next Protocol Negotiation.
>       o PSS signatures in certificates, requests and CRLs.
>       o Support for password based recipient info for CMS.
>       o Support TLS v1.2 and TLS v1.1.
>       o Preliminary FIPS capability for unvalidated 2.0 FIPS module.
>       o SRP support.
i don't see mention of ABI compat changes, and it seems to not be compatible.  
did someone forget to update the version string in crypto/opensslv.h ?  it
still says "1.0.0" ...
-mike


Re: OpenSSL 1.0.1 released

Dr. Stephen Henson
On Wed, Mar 14, 2012, Mike Frysinger wrote:

> On Wednesday 14 March 2012 11:09:22 OpenSSL wrote:
> >    OpenSSL version 1.0.1 released
> >    ===============================
> >
> >        http://www.openssl.org/source/exp/CHANGES.
> >
> >    The most significant changes are:
> >
> >       o TLS/DTLS heartbeat support.
> >       o SCTP support.
> >       o RFC 5705 TLS key material exporter.
> >       o RFC 5764 DTLS-SRTP negotiation.
> >       o Next Protocol Negotiation.
> >       o PSS signatures in certificates, requests and CRLs.
> >       o Support for password based recipient info for CMS.
> >       o Support TLS v1.2 and TLS v1.1.
> >       o Preliminary FIPS capability for unvalidated 2.0 FIPS module.
> >       o SRP support.
>
> i don't see mention of ABI compat changes, and it seems to not be compatible.  
> did someone forget to update the version string in crypto/opensslv.h ?  it
> still says "1.0.0" ...

Can you be more specific about "seems to not be compatible".

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org

Re: OpenSSL 1.0.1 released

Mike Frysinger
On Wednesday 14 March 2012 14:25:32 Dr. Stephen Henson wrote:

> On Wed, Mar 14, 2012, Mike Frysinger wrote:
> > On Wednesday 14 March 2012 11:09:22 OpenSSL wrote:
> > >    OpenSSL version 1.0.1 released
> > >    ===============================
> > >    
> > >        http://www.openssl.org/source/exp/CHANGES.
> > >    
> > >    The most significant changes are:
> > >       o TLS/DTLS heartbeat support.
> > >       o SCTP support.
> > >       o RFC 5705 TLS key material exporter.
> > >       o RFC 5764 DTLS-SRTP negotiation.
> > >       o Next Protocol Negotiation.
> > >       o PSS signatures in certificates, requests and CRLs.
> > >       o Support for password based recipient info for CMS.
> > >       o Support TLS v1.2 and TLS v1.1.
> > >       o Preliminary FIPS capability for unvalidated 2.0 FIPS module.
> > >       o SRP support.
> >
> > i don't see mention of ABI compat changes, and it seems to not be
> > compatible. did someone forget to update the version string in
> > crypto/opensslv.h ?  it still says "1.0.0" ...
>
> Can you be more specific about "seems to not be compatible".
if the versions were compatible, there should be no warning when running apps
with openssl-1.0.1 that were built against openssl-1.0.0*.  but there is:
        OpenSSL version mismatch. Built against 1000005f, you have 1000100f
-mike


Re: OpenSSL 1.0.1 released

Dr. Stephen Henson
On Wed, Mar 14, 2012, Mike Frysinger wrote:

> On Wednesday 14 March 2012 14:25:32 Dr. Stephen Henson wrote:
> > On Wed, Mar 14, 2012, Mike Frysinger wrote:
> > > On Wednesday 14 March 2012 11:09:22 OpenSSL wrote:
> > > >    OpenSSL version 1.0.1 released
> > > >    ===============================
> > > >    
> > > >        http://www.openssl.org/source/exp/CHANGES.
> > > >    
> > > >    The most significant changes are:
> > > >       o TLS/DTLS heartbeat support.
> > > >       o SCTP support.
> > > >       o RFC 5705 TLS key material exporter.
> > > >       o RFC 5764 DTLS-SRTP negotiation.
> > > >       o Next Protocol Negotiation.
> > > >       o PSS signatures in certificates, requests and CRLs.
> > > >       o Support for password based recipient info for CMS.
> > > >       o Support TLS v1.2 and TLS v1.1.
> > > >       o Preliminary FIPS capability for unvalidated 2.0 FIPS module.
> > > >       o SRP support.
> > >
> > > i don't see mention of ABI compat changes, and it seems to not be
> > > compatible. did someone forget to update the version string in
> > > crypto/opensslv.h ?  it still says "1.0.0" ...
> >
> > Can you be more specific about "seems to not be compatible".
>
> if the versions were compatible, there should be no warning when running apps
> with openssl-1.0.1 that were built against openssl-1.0.0*.  but there is:
> OpenSSL version mismatch. Built against 1000005f, you have 1000100f

What is producing that warning?

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org

Re: OpenSSL 1.0.1 released

Tomas Mraz-2
On Wed, 2012-03-14 at 19:36 +0100, Dr. Stephen Henson wrote:

> On Wed, Mar 14, 2012, Mike Frysinger wrote:
>
> > On Wednesday 14 March 2012 14:25:32 Dr. Stephen Henson wrote:
> > > On Wed, Mar 14, 2012, Mike Frysinger wrote:
> > > > On Wednesday 14 March 2012 11:09:22 OpenSSL wrote:
> > > > >    OpenSSL version 1.0.1 released
> > > > >    ===============================
> > > > >    
> > > > >        http://www.openssl.org/source/exp/CHANGES.
> > > > >    
> > > > >    The most significant changes are:
> > > > >       o TLS/DTLS heartbeat support.
> > > > >       o SCTP support.
> > > > >       o RFC 5705 TLS key material exporter.
> > > > >       o RFC 5764 DTLS-SRTP negotiation.
> > > > >       o Next Protocol Negotiation.
> > > > >       o PSS signatures in certificates, requests and CRLs.
> > > > >       o Support for password based recipient info for CMS.
> > > > >       o Support TLS v1.2 and TLS v1.1.
> > > > >       o Preliminary FIPS capability for unvalidated 2.0 FIPS module.
> > > > >       o SRP support.
> > > >
> > > > i don't see mention of ABI compat changes, and it seems to not be
> > > > compatible. did someone forget to update the version string in
> > > > crypto/opensslv.h ?  it still says "1.0.0" ...
> > >
> > > Can you be more specific about "seems to not be compatible".
> >
> > if the versions were compatible, there should be no warning when running apps
> > with openssl-1.0.1 that were built against openssl-1.0.0*.  but there is:
> > OpenSSL version mismatch. Built against 1000005f, you have 1000100f
>
> What is producing that warning?

This is a problem of the applications (OpenSSH, postgresql,....) that do
not expect different versions of openssl to be ABI compatible. They
compare the version that they were compiled against to the version
reported by the library. They usually ignore only the patch level number
(abcde...). We had to patch the version number in the library to stay
constant. I suppose these applications should have the version check
removed as it is not guaranteed to work anyway as the ABI of openssl
depends also on the compiled-in ciphers and other compile time options.

--
Tomas Mraz
No matter how far down the wrong road you've gone, turn back.
                                              Turkish proverb


Re: OpenSSL 1.0.1 released

Mike Frysinger
In reply to this post by Dr. Stephen Henson
On Wednesday 14 March 2012 14:36:09 Dr. Stephen Henson wrote:

> On Wed, Mar 14, 2012, Mike Frysinger wrote:
> > On Wednesday 14 March 2012 14:25:32 Dr. Stephen Henson wrote:
> > > On Wed, Mar 14, 2012, Mike Frysinger wrote:
> > > > On Wednesday 14 March 2012 11:09:22 OpenSSL wrote:
> > > > >    OpenSSL version 1.0.1 released
> > > > >    ===============================
> > > > >    
> > > > >        http://www.openssl.org/source/exp/CHANGES.
> > > > >    
> > > > >    The most significant changes are:
> > > > >       o TLS/DTLS heartbeat support.
> > > > >       o SCTP support.
> > > > >       o RFC 5705 TLS key material exporter.
> > > > >       o RFC 5764 DTLS-SRTP negotiation.
> > > > >       o Next Protocol Negotiation.
> > > > >       o PSS signatures in certificates, requests and CRLs.
> > > > >       o Support for password based recipient info for CMS.
> > > > >       o Support TLS v1.2 and TLS v1.1.
> > > > > >       o Preliminary FIPS capability for unvalidated 2.0 FIPS module.
> > > > > >       o SRP support.
> > > >
> > > > i don't see mention of ABI compat changes, and it seems to not be
> > > > compatible. did someone forget to update the version string in
> > > > crypto/opensslv.h ?  it still says "1.0.0" ...
> > >
> > > Can you be more specific about "seems to not be compatible".
> >
> > if the versions were compatible, there should be no warning when running
> > apps with openssl-1.0.1 that were built against openssl-1.0.0*.  but there is:
> > OpenSSL version mismatch. Built against 1000005f, you have 1000100f
>
> What is producing that warning?
$ ssh-keygen -l
OpenSSL version mismatch. Built against 1000005f, you have 1000100f
-mike


Re: OpenSSL 1.0.1 released

Kurt Roeckx
In reply to this post by Mike Frysinger
On Wed, Mar 14, 2012 at 02:30:29PM -0400, Mike Frysinger wrote:

> On Wednesday 14 March 2012 14:25:32 Dr. Stephen Henson wrote:
> > On Wed, Mar 14, 2012, Mike Frysinger wrote:
> > > On Wednesday 14 March 2012 11:09:22 OpenSSL wrote:
> > > >    OpenSSL version 1.0.1 released
> > > >    ===============================
> > > >    
> > > >        http://www.openssl.org/source/exp/CHANGES.
> > > >    
> > > >    The most significant changes are:
> > > >       o TLS/DTLS heartbeat support.
> > > >       o SCTP support.
> > > >       o RFC 5705 TLS key material exporter.
> > > >       o RFC 5764 DTLS-SRTP negotiation.
> > > >       o Next Protocol Negotiation.
> > > >       o PSS signatures in certificates, requests and CRLs.
> > > >       o Support for password based recipient info for CMS.
> > > >       o Support TLS v1.2 and TLS v1.1.
> > > >       o Preliminary FIPS capability for unvalidated 2.0 FIPS module.
> > > >       o SRP support.
> > >
> > > i don't see mention of ABI compat changes, and it seems to not be
> > > compatible. did someone forget to update the version string in
> > > crypto/opensslv.h ?  it still says "1.0.0" ...
> >
> > Can you be more specific about "seems to not be compatible".
>
> if the versions were compatible, there should be no warning when running apps
> with openssl-1.0.1 that were built against openssl-1.0.0*.  but there is:
> OpenSSL version mismatch. Built against 1000005f, you have 1000100f

As far as I know, we disabled most such checks in Debian because
they're not really useful.  I can change the ABI without changing
the version, or have the same ABI with a different version.  If
it's not compatible the soname should have changed.  The
application shouldn't go and second guess that it's really
compatible or not.

And if the soname stays the same but the ABI is not compatible, we
also have ways to deal with that.


Kurt


Re: OpenSSL 1.0.1 released

Dr. Stephen Henson
In reply to this post by Bruce Stephens-4
On Wed, Mar 14, 2012, Bruce Stephens wrote:

> [hidden email] (OpenSSL) writes:
>
> [...]
>
> >       o Preliminary FIPS capability for unvalidated 2.0 FIPS module.
>
> I note that #2741 appears not to be resolved, so if you build on Windows
> and use --with-fipsdir=... then that probably won't work.
>
> [...]

Oops, that's something for 1.0.1a anyway...

The alternative of using the FIPSDIR environment variable (you have to use
that with the FIPS module anyway) should be OK though.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org

Re: OpenSSL 1.0.1 released

Mike Frysinger
In reply to this post by Kurt Roeckx
On Wednesday 14 March 2012 17:18:19 Kurt Roeckx wrote:

> On Wed, Mar 14, 2012 at 02:30:29PM -0400, Mike Frysinger wrote:
> > On Wednesday 14 March 2012 14:25:32 Dr. Stephen Henson wrote:
> > > On Wed, Mar 14, 2012, Mike Frysinger wrote:
> > > > On Wednesday 14 March 2012 11:09:22 OpenSSL wrote:
> > > > >    OpenSSL version 1.0.1 released
> > > > >    ===============================
> > > > >    
> > > > >        http://www.openssl.org/source/exp/CHANGES.
> > > > >    
> > > > >    The most significant changes are:
> > > > >       o TLS/DTLS heartbeat support.
> > > > >       o SCTP support.
> > > > >       o RFC 5705 TLS key material exporter.
> > > > >       o RFC 5764 DTLS-SRTP negotiation.
> > > > >       o Next Protocol Negotiation.
> > > > >       o PSS signatures in certificates, requests and CRLs.
> > > > >       o Support for password based recipient info for CMS.
> > > > >       o Support TLS v1.2 and TLS v1.1.
> > > > > >       o Preliminary FIPS capability for unvalidated 2.0 FIPS module.
> > > > > >       o SRP support.
> > > >
> > > > i don't see mention of ABI compat changes, and it seems to not be
> > > > compatible. did someone forget to update the version string in
> > > > crypto/opensslv.h ?  it still says "1.0.0" ...
> > >
> > > Can you be more specific about "seems to not be compatible".
> >
> > > if the versions were compatible, there should be no warning when running
> > > apps with openssl-1.0.1 that were built against openssl-1.0.0*.  but there is:
> > OpenSSL version mismatch. Built against 1000005f, you have 1000100f
>
> As far as I know, we disabled most such checks in Debian because
> they're not really useful.  I can change the ABI without changing
> the version, or have the same ABI with a different version.  If
> it's not compatible the soname should have changed.  The
> application shouldn't go and second guess that it's really
> compatible or not.
>
> And if the soname stays the same but the ABI is not compatible, we
> also have ways to deal with that.
i'm not looking for downstream workarounds here but rather the right answer.  
is openssl-1.0.1 expected to be ABI compatible with openssl-1.0.0 ?  there was
nothing in the notes that i saw, and this is a significant change in behavior
from how openssl has loooooong operated.  and it wouldn't be the first time
that a new openssl release had bugs in it including forgetting to update the
version number (which i've reported before) or can't even compile for some
targets due to files missing from the release tarball.

if, indeed, openssl has started down the enlightened ABI compatible path, then
i can work on fixing relevant packages that do runtime version sanity checks
such as openssh.  but i haven't heard an answer in either direction as to the
openssl behavior: "it's a bug" or "it's correct behavior".
-mike


Re: OpenSSL 1.0.1 released

Dr. Stephen Henson
On Wed, Mar 14, 2012, Mike Frysinger wrote:

>
> i'm not looking for downstream workarounds here but rather the right answer.  
> is openssl-1.0.1 expected to be ABI compatible with openssl-1.0.0 ?
>

Yes. In brief the versioning scheme introduced with 1.0.0 is:

Changes to last letter: security and bugfix only, no new features.
E.g.  1.0.0->1.0.0a
Changes to last number: new ABI compatible features.
E.g. 1.0.0->1.0.1
Changes to middle number: major release, ABI compatibility not guaranteed.
E.g. 1.0.0->1.1.0

This is the first "feature release" that has been done since the versioning
scheme changed so there may be some issues to iron out...

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
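
Added example (not part of the thread, and not OpenSSL or OpenSSH code): the two version numbers from the reported warning, decoded with the `0xMNNFFPPS` layout of `OPENSSL_VERSION_NUMBER`, then run through a check that ignores only the patch level (the kind Tomas Mraz describes) and through one that follows the scheme Stephen Henson outlines. The function names, the mask, and the rule that the runtime fix level must not be older than the build-time one are assumptions of this example.

```c
#include <stdio.h>
#include <string.h>

/* OPENSSL_VERSION_NUMBER layout: 0xMNNFFPPS
 * M = major, NN = minor, FF = fix, PP = patch letter, S = status (f = release). */
struct ossl_ver {
    unsigned major, minor, fix, patch, status;
};

static struct ossl_ver decode_version(unsigned long v)
{
    struct ossl_ver d;
    d.major  = (unsigned)((v >> 28) & 0xf);
    d.minor  = (unsigned)((v >> 20) & 0xff);
    d.fix    = (unsigned)((v >> 12) & 0xff);
    d.patch  = (unsigned)((v >> 4) & 0xff);
    d.status = (unsigned)(v & 0xf);
    return d;
}

/* Render "1.0.0e" style text; patch 1..26 maps to the letters a..z. */
static const char *format_version(unsigned long v, char *buf, size_t len)
{
    struct ossl_ver d = decode_version(v);
    char letter[2] = "";
    if (d.patch >= 1 && d.patch <= 26)
        letter[0] = (char)('a' + d.patch - 1);
    snprintf(buf, len, "%u.%u.%u%s", d.major, d.minor, d.fix, letter);
    return buf;
}

/* Hypothetical application-side check of the kind described in the thread:
 * every field except the patch level must match exactly. */
#define PATCH_MASK 0x00000ff0UL
static int strict_check_ok(unsigned long built, unsigned long runtime)
{
    return ((built ^ runtime) & ~PATCH_MASK) == 0;
}

/* Check that follows the scheme introduced with 1.0.0:
 *   letter change  -> bug/security fixes only
 *   last number    -> new, ABI compatible features
 *   middle number  -> ABI compatibility not guaranteed
 * Assumption of this example: a runtime library with an OLDER fix level than
 * the build-time headers is rejected, because it may lack features the
 * application was built to use. Before 1.0.0 the strict rule is kept. */
static int scheme_check_ok(unsigned long built, unsigned long runtime)
{
    struct ossl_ver b = decode_version(built);
    struct ossl_ver r = decode_version(runtime);

    if (b.major < 1)
        return strict_check_ok(built, runtime);
    if (b.major != r.major || b.minor != r.minor)
        return 0;
    return r.fix >= b.fix;
}

int main(void)
{
    /* First pair is taken from the warning quoted in the thread; the other
     * pairs are constructed for illustration. */
    static const unsigned long pairs[][2] = {
        { 0x1000005fUL, 0x1000100fUL },  /* built 1.0.0e, running 1.0.1  */
        { 0x1000005fUL, 0x1000000fUL },  /* built 1.0.0e, running 1.0.0  */
        { 0x1000100fUL, 0x1000005fUL },  /* built 1.0.1,  running 1.0.0e */
        { 0x1000005fUL, 0x1010000fUL },  /* built 1.0.0e, running 1.1.0  */
    };
    char b[16], r[16];
    size_t i;

    for (i = 0; i < sizeof pairs / sizeof pairs[0]; i++) {
        printf("built %-7s runtime %-7s strict=%s scheme=%s\n",
               format_version(pairs[i][0], b, sizeof b),
               format_version(pairs[i][1], r, sizeof r),
               strict_check_ok(pairs[i][0], pairs[i][1]) ? "ok" : "MISMATCH",
               scheme_check_ok(pairs[i][0], pairs[i][1]) ? "ok" : "MISMATCH");
    }
    /* Neither check can see compile-time options (enabled ciphers and so on),
     * which the thread notes also affect the ABI. */
    return 0;
}
```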

Re: OpenSSL 1.0.1 released

Iain Morgan-2
In reply to this post by OpenSSL-4
On Wed, Mar 14, 2012 at 10:09:22 -0500, OpenSSL wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
>
>    We consider OpenSSL 1.0.1 to be the best version of OpenSSL
>    available and we strongly recommend that users of older versions
>    upgrade as soon as possible. OpenSSL 1.0.1 is available for
>    download via HTTP and FTP from the following master locations (you
>    can find the various FTP mirrors under
>    http://www.openssl.org/source/mirror.html):
>
>      * http://www.openssl.org/source/
>      * ftp://ftp.openssl.org/source/
>

It seems to be missing from the FTP site.

--
Iain Morgan

PS: Congrats (and thanks) on releasing 1.0.1!

Re: OpenSSL 1.0.1 released

Dr. Stephen Henson
On Wed, Mar 14, 2012, Iain Morgan wrote:

> On Wed, Mar 14, 2012 at 10:09:22 -0500, OpenSSL wrote:
> > -----BEGIN PGP SIGNED MESSAGE-----
> >
> >    We consider OpenSSL 1.0.1 to be the best version of OpenSSL
> >    available and we strongly recommend that users of older versions
> >    upgrade as soon as possible. OpenSSL 1.0.1 is available for
> >    download via HTTP and FTP from the following master locations (you
> >    can find the various FTP mirrors under
> >    http://www.openssl.org/source/mirror.html):
> >
> >      * http://www.openssl.org/source/
> >      * ftp://ftp.openssl.org/source/
> >
>
> It seems to be missing from the FTP site.
>

Ooops, fixed now.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org

Re: OpenSSL 1.0.1 released

Richard Levitte - VMS Whacker
In reply to this post by Arpadffy Zoltan
I've looked at that, and the modes part is quite integral to a number
of other algorithms.  Supporting it being turned off is likely to be a
maintenance nightmare (especially since it will seldom blow up
considering most platforms today have a C compiler that supports long
long).

My conclusion is that we should stop trying to support compilers that
don't support long long.  Unfortunately for VAX, it means that we have
to stop supporting that, unless you know of a compiler that supports
long long on that platform.

Cheers,
Richard

In message <ed0c8ca331b65bf9ee31289d352ed04d20efff39@localhost> on Wed, 14 Mar 2012 17:14:52 +0100, Arpadffy Zoltan <[hidden email]> said:

Zoltan.Arpadffy> Hello,
Zoltan.Arpadffy>
Zoltan.Arpadffy> Thank you very much for 1.0.1 release.
Zoltan.Arpadffy>
Zoltan.Arpadffy> It builds and works perfectly on OpenVMS Alpha and IA64 architectures - as far as I could test it.
Zoltan.Arpadffy>
Zoltan.Arpadffy> Unfortunately, it is still not possible to build on VAX architecture, because the "[openssl.org #2653] [BUG] OpenSSL 1.0.1 OpenVMS issues on VAX" is still not solved.
Zoltan.Arpadffy>
Zoltan.Arpadffy> Thank you.
Zoltan.Arpadffy>
Zoltan.Arpadffy> Regards,
Zoltan.Arpadffy> Z
Zoltan.Arpadffy>
Zoltan.Arpadffy> -----Original Message-----
Zoltan.Arpadffy> From: OpenSSL [mailto:[hidden email]]
Zoltan.Arpadffy> Sent: den 14 mars 2012 16:09
Zoltan.Arpadffy> To: [hidden email]; [hidden email]; [hidden email]
Zoltan.Arpadffy> Subject: OpenSSL 1.0.1 released
Zoltan.Arpadffy>
Zoltan.Arpadffy> -----BEGIN PGP SIGNED MESSAGE-----
Zoltan.Arpadffy> Hash: SHA1
Zoltan.Arpadffy>
Zoltan.Arpadffy>
Zoltan.Arpadffy>    OpenSSL version 1.0.1 released
Zoltan.Arpadffy>    ===============================
Zoltan.Arpadffy>
Zoltan.Arpadffy>    OpenSSL - The Open Source toolkit for SSL/TLS
Zoltan.Arpadffy>    http://www.openssl.org/
Zoltan.Arpadffy>
Zoltan.Arpadffy>    The OpenSSL project team is pleased to announce the release of
Zoltan.Arpadffy>    version 1.0.1 of our open source toolkit for SSL/TLS. This new
Zoltan.Arpadffy>    OpenSSL version is a new feature release. For a complete
Zoltan.Arpadffy>    list of changes, please see
Zoltan.Arpadffy>
Zoltan.Arpadffy>        http://www.openssl.org/source/exp/CHANGES.
Zoltan.Arpadffy>
Zoltan.Arpadffy>    The most significant changes are:
Zoltan.Arpadffy>
Zoltan.Arpadffy>       o TLS/DTLS heartbeat support.
Zoltan.Arpadffy>       o SCTP support.
Zoltan.Arpadffy>       o RFC 5705 TLS key material exporter.
Zoltan.Arpadffy>       o RFC 5764 DTLS-SRTP negotiation.
Zoltan.Arpadffy>       o Next Protocol Negotiation.
Zoltan.Arpadffy>       o PSS signatures in certificates, requests and CRLs.
Zoltan.Arpadffy>       o Support for password based recipient info for CMS.
Zoltan.Arpadffy>       o Support TLS v1.2 and TLS v1.1.
Zoltan.Arpadffy>       o Preliminary FIPS capability for unvalidated 2.0 FIPS module.
Zoltan.Arpadffy>       o SRP support.
Zoltan.Arpadffy>
Zoltan.Arpadffy>    We consider OpenSSL 1.0.1 to be the best version of OpenSSL
Zoltan.Arpadffy>    available and we strongly recommend that users of older versions
Zoltan.Arpadffy>    upgrade as soon as possible. OpenSSL 1.0.1 is available for
Zoltan.Arpadffy>    download via HTTP and FTP from the following master locations (you
Zoltan.Arpadffy>    can find the various FTP mirrors under
Zoltan.Arpadffy>    http://www.openssl.org/source/mirror.html):
Zoltan.Arpadffy>
Zoltan.Arpadffy>      * http://www.openssl.org/source/
Zoltan.Arpadffy>      * ftp://ftp.openssl.org/source/
Zoltan.Arpadffy>
Zoltan.Arpadffy>    The distribution file name is:
Zoltan.Arpadffy>
Zoltan.Arpadffy>     o openssl-1.0.1.tar.gz
Zoltan.Arpadffy>       Size: 4453920
Zoltan.Arpadffy>       MD5 checksum: 134f168bc2a8333f19f81d684841710b
Zoltan.Arpadffy>       SHA1 checksum: a6476d33fd38c2e7dfb438d1e3be178cc242c907
Zoltan.Arpadffy>
Zoltan.Arpadffy>    The checksums were calculated using the following commands:
Zoltan.Arpadffy>
Zoltan.Arpadffy>     openssl md5 openssl-1.0.1.tar.gz
Zoltan.Arpadffy>     openssl sha1 openssl-1.0.1.tar.gz
Zoltan.Arpadffy>
Zoltan.Arpadffy>    Yours,
Zoltan.Arpadffy>
Zoltan.Arpadffy>    The OpenSSL Project Team.
Zoltan.Arpadffy>
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [hidden email]
Automated List Manager                           [hidden email]

Re: OpenSSL 1.0.1 released

Mike Frysinger
In reply to this post by Dr. Stephen Henson
On Wednesday 14 March 2012 19:23:14 Dr. Stephen Henson wrote:

> On Wed, Mar 14, 2012, Mike Frysinger wrote:
> > i'm not looking for downstream workarounds here but rather the right
> > answer. is openssl-1.0.1 expected to be ABI compatible with
> > openssl-1.0.0 ?
>
> Yes. In brief the versioning scheme introduced with 1.0.0 is:
>
> Changes to last letter: security and bugfix only, no new features.
> E.g.  1.0.0->1.0.0a
> Changes to last number: new ABI compatible features.
> E.g. 1.0.0->1.0.1
> Changes to middle number: major release, ABI compatibility not guaranteed.
> E.g. 1.0.0->1.1.0
>
> This is the first "feature release" that has been done since the versioning
> scheme changed so there may be some issues to iron out...
thanks.  i've posted a report for the openssh guys.
https://bugzilla.mindrot.org/show_bug.cgi?id=1991
-mike


Re: OpenSSL 1.0.1 released

wrowe
In reply to this post by Bruce Stephens-4
On 3/14/2012 12:27 PM, Bruce Stephens wrote:
> [hidden email] (OpenSSL) writes:
>
> [...]
>
>>       o Preliminary FIPS capability for unvalidated 2.0 FIPS module.
>
> I note that #2741 appears not to be resolved, so if you build on Windows
> and use --with-fipsdir=... then that probably won't work.

Recall, you can patch around the OpenSSL project compilation.

You cannot patch around the OpenSSL/FIPS 2.0[future] package compilation.
So this issue probably isn't fatal.


Re: OpenSSL 1.0.1 released

Ludwig Nussel
In reply to this post by Dr. Stephen Henson
Dr. Stephen Henson wrote:

> On Wed, Mar 14, 2012, Mike Frysinger wrote:
>> i'm not looking for downstream workarounds here but rather the right answer.  
>> is openssl-1.0.1 expected to be ABI compatible with openssl-1.0.0 ?
>
> Yes. In brief the versioning scheme introduced with 1.0.0 is:
>
> Changes to last letter: security and bugfix only, no new features.
> E.g.  1.0.0->1.0.0a
> Changes to last number: new ABI compatible features.
> E.g. 1.0.0->1.0.1
> Changes to middle number: major release, ABI compatibility not guaranteed.
> E.g. 1.0.0->1.1.0

btw, are there any plans to use symbol versioning on systems that
support it?

cu
Ludwig

--
 (o_   Ludwig Nussel
 //\
 V_/_  http://www.suse.de/
SUSE LINUX Products GmbH, GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer, HRB 16746 (AG Nürnberg)
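
Added example (not part of the thread and not OpenSSL project code): the versioning scheme Dr. Henson describes in the quoted text above, written as a C check a program could apply to its build-time and run-time library versions. The 0xMNNFFPPS field layout is the one used by OPENSSL_VERSION_NUMBER in the 1.0.x opensslv.h, which the thread does not show; the function names, and the rule that a run-time library with an older feature level is rejected, are assumptions of this example.

```c
#include <stdio.h>

/* Kind of change between two releases, per the scheme quoted in the thread. */
enum ver_change {
    VER_SAME,     /* identical release */
    VER_BUGFIX,   /* letter changed: security and bugfix only (1.0.0->1.0.0a) */
    VER_FEATURE,  /* last number changed: new ABI compatible features (1.0.0->1.0.1) */
    VER_MAJOR     /* middle (or first) number changed: ABI not guaranteed (1.0.0->1.1.0) */
};

/* Fields of the 0xMNNFFPPS encoding; the status nibble S (beta/release) is ignored. */
static unsigned ver_major(unsigned long v) { return (unsigned)((v >> 28) & 0xf); }
static unsigned ver_minor(unsigned long v) { return (unsigned)((v >> 20) & 0xff); }
static unsigned ver_fix(unsigned long v)   { return (unsigned)((v >> 12) & 0xff); }
static unsigned ver_patch(unsigned long v) { return (unsigned)((v >> 4) & 0xff); }

enum ver_change classify_change(unsigned long from, unsigned long to)
{
    if (ver_major(from) != ver_major(to) || ver_minor(from) != ver_minor(to))
        return VER_MAJOR;
    if (ver_fix(from) != ver_fix(to))
        return VER_FEATURE;
    if (ver_patch(from) != ver_patch(to))
        return VER_BUGFIX;
    return VER_SAME;
}

/* Returns 1 if a binary built against `built` may run on `runtime`.
 * Assumption of this example: a feature release only adds to the ABI, so a
 * run-time library with an OLDER feature level is rejected, because it may
 * lack something the build-time headers offered. */
int abi_compatible(unsigned long built, unsigned long runtime)
{
    enum ver_change c = classify_change(built, runtime);
    if (c == VER_MAJOR)
        return 0;
    if (c == VER_FEATURE && ver_fix(runtime) < ver_fix(built))
        return 0;
    return 1;
}

int main(void)
{
    /* Constructed inputs: 1.0.0, 1.0.0a, 1.0.1 and 1.1.0 in the encoding above.
     * A real program would pass OPENSSL_VERSION_NUMBER and SSLeay() instead. */
    unsigned long v[] = { 0x1000000fUL, 0x1000001fUL, 0x1000100fUL, 0x1010000fUL };
    for (int i = 1; i < 4; i++)
        printf("0x%08lx -> 0x%08lx: change=%d compatible=%d\n", v[0], v[i],
               (int)classify_change(v[0], v[i]), abi_compatible(v[0], v[i]));
    return 0;
}
```

A check that instead requires the build-time and run-time values to be equal rejects every letter and feature release, even though the scheme above treats both as ABI compatible.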