[Bug 1759059] Re: [FFe] OpenSSL 1.1.1 series with TLS 1.3 support and longer upstream support

Steve Langasek steve.langasek at canonical.com
Mon Mar 26 22:48:44 UTC 2018 

What are the upstream binary compatibility guarantees between the
1.1.1~pre3 currently in experimental and the eventual 1.1.1 GA?

What is the binary compatibility between existing 1.1.0g and 1.1.1~pre3?

If 1.1.1 breaks binary compatibility after we've already included
1.1.1~pre3, what is the revert path?

** Changed in: openssl (Ubuntu)
       Status: New => Incomplete

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1759059

Title:
  [FFe] OpenSSL 1.1.1 series with TLS 1.3 support and longer upstream
  support

Status in openssl package in Ubuntu:
  Incomplete

Bug description:
  * TLS 1.3 is now a proposed standard

  https://www.ietf.org/mail-archive/web/ietf-
  announce/current/msg17592.html

  * OpenSSL upstream is planning OpenSSL 1.1.1 release with the
  following tentative timeline:

  - 20th March 2018, beta release 1 (pre3) (released)
    + OpenSSL_1_1_1-stable created (feature freeze)
    + master becomes basis for 1.1.2 or 1.2.0 (TBD)
  - 3rd April 2018, beta release 2 (pre4)
  - 17th April 2018, beta release 3 (pre5)
  - 1st May 2018, beta release 4 (pre6)
  - 8th May 2018, release readiness check
    (new release cycles added if required,
     first possible final release date: 15th May 2018)

  * OpenSSL 1.1.0 will then go end of life - 
    "Version 1.1.0 will be supported until one year after the release of 1.1.1"

  * Proposal to ship OpenSSL 1.1.1 in Bionic by

  - landing 1.1.1 pre3 asap
  - follow up landing pre-releases as they become available
  - continue to land pre-releases as SRUs as they become available
  - until 1.1.1 final is shipped in bionic-updates & bionic-security

  * Contingency plan:

  - If packages FTBFS, attempt to fix them before 18.04.0
  - If packages fail autopkgtests, attempt to fix them before 18.04.0
  - If TLS1.3 causes connectivity issues, consider shipping with TLS1.3 not enabled by default
  - If all of above fails, consider reverting to 1.1.0

  * Testing silo to be provided shortly

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1759059/+subscriptions

More information about the foundations-bugs mailing list