Re: [exim-dev] [Bug 1895] Default groups for DH possibly bac…

Página Principal
Apagar esta mensagem
Responder a esta mensagem
Autor: Andrew C Aitchison
Data:  
Para: exim-dev
Assunto: Re: [exim-dev] [Bug 1895] Default groups for DH possibly backdoored
On Tue, 19 Mar 2019, Viktor Dukhovni via Exim-dev wrote:

> On Tue, Mar 19, 2019 at 02:43:04AM +0000, admin--- via Exim-dev wrote:
>
>> --- Comment #9 from Phil Pennock <pdp@???> ---
>> IMO yes we're ready to drop support for older OpenSSL. We set a clear policy,
>> it's over a year (or two?) after that point, and other projects have adopted
>> similar policies.


https://lists.exim.org/lurker/message/20170102.153501.d4c71d99.en.html
(January 2017) says that we are dropping support for openssl v1.0.1
and below.

https://www.openssl.org/policies/releasestrat.html says:
   With regards to current and future releases the OpenSSL
   project has adopted the following policy:
     The next version of OpenSSL will be 3.0.0.
     Version 1.1.1 will be supported until 2023-09-11 (LTS).
     Version 1.1.0 will be supported until 2019-09-11.
     Version 1.0.2 will be supported until 2019-12-31 (LTS).
     Version 1.0.1 is no longer supported.
     Version 1.0.0 is no longer supported.
     Version 0.9.8 is no longer supported.


Is it time to announce when exim will drop support for
openssl 1.0.2 and 1.1.0 ?


> FWIW, Postfix 3.4, released a few weeks ago no longer supports OpenSSL
> versions prior to 1.0.2.
> Though folks on this list probably don't care, Postfix support
> covers and the current and 3 previous stable releases, so we're
> still supporting Postfix 3.1, 3.2 and 3.3 which build with older
> OpenSSL releases, all the way back to 0.9.7, but DANE support
> requires at least OpenSSL 1.0.0. So users who're stuck with
> OpenSSL 1.0.2 can continue to use it, with a slightly older
> Postfix release, until 3.4 becomes the oldest supported stable
> release.


Not sure from that whether Postfix 3.4 supports OpenSSL 1.0.2 ?

Red Hat Enterprise Linux 6 is stuck with OpenSSL 1.0.1, but is on its
last legs (entered "Maintenance Support 2 Phase" May 2017 and will be
retired November 30, 2020) so I hope that its users will be moving the OS on
and not in great need for the latest exim features.

-- 
Andrew C. Aitchison                    Cambridge, UK
             andrew@???