Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update OpenSSL Strategy for OpenSSL 3.x #859

Merged
merged 2 commits into from
May 5, 2020
Merged

Update OpenSSL Strategy for OpenSSL 3.x #859

merged 2 commits into from
May 5, 2020

Conversation

sam-github
Copy link
Contributor

No description provided.

@sam-github
Copy link
Contributor Author

@danbev @jasnell The state as I know it. The deadlines as I understand them!

@sam-github sam-github mentioned this pull request May 1, 2020
Closed
sam-github
sam-github commented May 1, 2020
View reviewed changes
OpenSSL-Strategy.md Outdated
* Default minimum TLS version is TLSv1.2, default maximum is TLSv1.3. TLSv1
and TLSv1.1 are *not* supported by default, only by explicit run-time
configuration.
* FIPS: not supported
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

or, maybe supported? it could happen.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Current expectation, as I understand it, is that the FIPS provider should be available by the end of the year

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Even if it comes for a later version in the 3.x as long as it's not breaking we should be able to get to FIPs as well. Therefore, it is more of a "maybe" at this point.

mcollina
mcollina approved these changes May 1, 2020
View reviewed changes
Copy link
Member

@mcollina mcollina left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm, this look a lot of work.

mhdawson
mhdawson reviewed May 4, 2020
View reviewed changes
OpenSSL-Strategy.md
not an appropriate choice for 16.x

For minimal disruption, it would probably be helpful if Node.js supported
building against OpenSSL 1.1.1 out-of-tree, even if OpenSSL 3.x was in-tree.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Agreed

mhdawson
mhdawson approved these changes May 4, 2020
View reviewed changes
Copy link
Member

@mhdawson mhdawson left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM with a comment.

@sam-github sam-github merged commit bf49eef into nodejs:master May 5, 2020
@sam-github sam-github deleted the ossl3-update branch May 5, 2020 14:49
@richardlau richardlau mentioned this pull request May 4, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jasnell jasnell jasnell approved these changes

@mhdawson mhdawson mhdawson approved these changes

@cjihrig cjihrig cjihrig approved these changes

@mcollina mcollina mcollina approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@sam-github @mcollina @jasnell @cjihrig @mhdawson