[stunnel-users] OpenSSL 1.1.1 secure level and also an old problem rearing up
Michal Trojnara
Michal.Trojnara at stunnel.org
Sun Aug 26 21:35:28 CEST 2018
On 8/24/18 6:15 PM, Peter Pentchev wrote:
> Sorry to be the bearer of a "those OS vendors did something again and
> now we have to catch up with them... again..." type of news, but, well,
> the maintainers of the Debian package of OpenSSL upgraded it to
> a prerelease 1.1.1 version and, in the process, changed the default
> cipher selection in the openssl.cnf file to 'SECLEVEL=2'.
Debian indeed has a history of making strange changes to OpenSSL and thus breaking compatibility with the upstream package. I honestly don't think it is fair to call those modified packages "OpenSSL".
Regardless of Debian, we will update the test certificates to use sha256.
> if there is a "ciphers" option in the config file, stunnel eventually
> dies with an error that I seem to remember having seen before; take
> a look at this gdb backtrace from stunnel 5.48:
This is a separate issue. I believe I manged to fix it. Please try:
https://www.stunnel.org/downloads/beta/stunnel-5.49b4.tar.gz
> So, yeah, what would be the best way forward here?
I think the best way is wait a few days for the updated upstream stunnel package, and then proceed with packaging it. Would it be okay with you?
Best regards,
Mike
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20180826/c5fe6a62/attachment.sig>
More information about the stunnel-users
mailing list