Page 1 of 1

OpenSSL 1.1.1 is out!

PostPosted: Wed Sep 19, 2018 6:59 pm
by EKjellquist
As of 9/11, OpenSSL 1.1.1 is in final release. I realize AMS and AFS will probably eventually support it, but being able to utilize TLS 1.3 / SHA3 / ECC certificates would really get me to upgrade quicker, and given several months it's going to be a necessity.

https://www.openssl.org/blog/blog/2018/ ... elease111/

Re: OpenSSL 1.1.1 is out!

PostPosted: Fri Sep 21, 2018 8:09 am
by Code Crafters
We'll try to upgrade to this version. However, moving from 1.0.x to 1.1.x is major update and requires a rewrite of most of our SSL code which is why we haven't done it already. We recently had to downgrade from 1.0.2o back to 1.0.2L due to instabilities in OpenSSL and generating certificates not working. The latest is 1.0.2p in that series. As you say 1.1.1 is the latest in the new series and we'll try to move to that when we can.

Re: OpenSSL 1.1.1 is out!

PostPosted: Thu Oct 24, 2019 7:05 pm
by EKjellquist
OpenSSL 1.0.2 appears to be out of support as of 12/31/19, and we're getting dinged here and there as far as PCI checks go for older versions of OpenSSL; We're using 1.1.1d on Apache and everywhere else we can at the moment..

Any word on when TLS 1.3 / OpenSSL 1.1.1x will be supported I'm guessing that's coming in v5? Any info on that would be appreciated..Eventually the winds will be shifting away from TLS 1.2 also and I'd rather be on the front end of that with AMS/AFS..

https://www.openssl.org/source/