Upgrade OpenSSL to 1.1.0

Started by bwgreen, January 26, 2017, 06:24:45 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions

bwgreen

January 26, 2017, 06:24:45 PM
We have a need to upgrade the OpenSSL on our machine from 1.0.2j to 1.1.0 (we are running Apache 2.4.25 VC14) - are there plans to build an upgrade for this?  Or does anyone know of a way to do it?

Thanks,

Brian

Gregg

#1
January 26, 2017, 09:19:57 PM
Well, there is no plan to upgrade to 1.1.0 until Apache is modified to use it. 1.1.0 has a drastic API change so it's not like prior versions that one can simply just start building with instead (like 1.0.0, 1.0.1 & 1.0.2).

So once Apache has been modified to deal with it (in the works), we'll be upgrading to it.

As a side note, the last few high severity bugs in OpenSSL have been only in 1.1.0.
https://www.openssl.org/news/vulnerabilities.html#y2016

Print
Go Up Pages1
User actions