Opened 7 years ago

Closed 7 years ago

#6825 closed defect (implemented)

Drop support for openssl 0.9.7; complain about 0.9.8

Reported by: nickm Owned by:
Priority: Medium Milestone: Tor: 0.2.4.x-final
Component: Core Tor/Tor Version:
Severity: Keywords: tor-relay
Cc: mikeperry, atagar, hiviah Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

OpenSSL 0.9.7 is old and unsupported by the openssl team.

OpenSSL 0.9.8 doesn't have the improved crypto implementations of 1.0.0 and 1.0.1.

Removing support for the former lets us remove our sha256 implementation and a modest pile of backward compatibility code. Complaining about the latter will maybe encourage people who build from source to build with a better openssl.

See branch openssl_1_is_best in my public repo.

Before merging this, we should confirm that we don't care about Tor 0.2.4 dropping support for any distro that's been trying to patch 0.9.7; do they exist?

Child Tickets

Change History (6)

comment:1 Changed 7 years ago by nickm

Status: newneeds_review

comment:2 in reply to:  description Changed 7 years ago by rransom

Cc: mikeperry atagar added

Replying to nickm:

See branch openssl_1_is_best in my public repo.

The changes in the diff look good. (I didn't go hunting for other compatibility code.)

Before merging this, we should confirm that we don't care about Tor 0.2.4 dropping support for any distro that's been trying to patch 0.9.7; do they exist?

If any exist, they would be CentOS/RHEL. CCing people known to care about those.

comment:3 Changed 7 years ago by nickm

Keywords: tor-relay added

comment:4 Changed 7 years ago by nickm

Component: Tor RelayTor

comment:5 Changed 7 years ago by arma

Cc: hiviah added

comment:6 Changed 7 years ago by nickm

Resolution: implemented
Status: needs_reviewclosed

Merged into master.

This will break us on rhel4, which afaict nobody should really be running. If you _are_ running Tor on rhel4, just build yourself an openssl 1.0.1c.

Note: See TracTickets for help on using tickets.