From owner-freebsd-questions@freebsd.org Fri Jan 3 20:58:01 2020 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 1213F1E7E85 for ; Fri, 3 Jan 2020 20:58:01 +0000 (UTC) (envelope-from johnl@iecc.com) Received: from gal.iecc.com (gal.iecc.com [IPv6:2001:470:1f07:1126:0:43:6f73:7461]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "gal.iecc.com", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 47qHKz5DY4z4MBN for ; Fri, 3 Jan 2020 20:57:59 +0000 (UTC) (envelope-from johnl@iecc.com) Received: (qmail 3089 invoked from network); 3 Jan 2020 20:57:52 -0000 DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=iecc.com; h=date:message-id:from:to:cc:subject:in-reply-to:mime-version:content-type:content-transfer-encoding; s=c0e.5e0faad0.k2001; i=printer-iecc.com@submit.iecc.com; bh=u9kiEcvL553GNVsGyZESAMPN62HOaWjY8mfVtI3USbY=; b=fLvbAq6y98ePjp3lMIgOMcJ38k68QXu+NmQkFFRzgBuQaSlr4miHKpt6MbzZW1X9r7Ti2saKLl9ZrCowG7kLrCxDBydWqZjz+6aZgT5CjDo8PNT87eAqlFug/KF6rIOSugcYw6mFskIxsmC1sFGzll3WstqJTNTs4cIPlkruFwoICCbkvd/OMuavoGrx4UJVMwZNwfO8MmXX77YIQ5k+F8V6y36yUmpNZlj7SKAQ2J8HhPdnMLpAIcv93Cn4V1/W Received: from ary.qy ([IPv6:2001:470:1f07:1126::78:696d:6170]) by imap.iecc.com ([IPv6:2001:470:1f07:1126::78:696d:6170]) with ESMTPSA (TLS1.2 ECDHE-RSA AES-256-GCM AEAD, printer@iecc.com) via TCP6; 03 Jan 2020 20:57:52 -0000 Received: by ary.qy (Postfix, from userid 501) id DCBC711F1DBB; Fri, 3 Jan 2020 15:57:51 -0500 (EST) Date: 3 Jan 2020 15:57:51 -0500 Message-Id: <20200103205751.DCBC711F1DBB@ary.qy> From: "John Levine" To: freebsd-questions@freebsd.org Cc: uklyfe14@gmail.com Subject: Re: FreeBSD12 and OpenSSL 1.0.2 In-Reply-To: Organization: Taughannock Networks X-Headerized: yes Mime-Version: 1.0 Content-type: text/plain; charset=utf-8 Content-transfer-encoding: 8bit X-Rspamd-Queue-Id: 47qHKz5DY4z4MBN X-Spamd-Bar: -------- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=iecc.com header.s=c0e.5e0faad0.k2001 header.b=fLvbAq6y; dmarc=pass (policy=none) header.from=iecc.com; spf=pass (mx1.freebsd.org: domain of johnl@iecc.com designates 2001:470:1f07:1126:0:43:6f73:7461 as permitted sender) smtp.mailfrom=johnl@iecc.com X-Spamd-Result: default: False [-8.14 / 15.00]; ARC_NA(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; R_DKIM_ALLOW(-0.20)[iecc.com:s=c0e.5e0faad0.k2001]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; FROM_HAS_DN(0.00)[]; DWL_DNSWL_MED(-2.00)[iecc.com.dwl.dnswl.org : 127.0.4.2]; R_SPF_ALLOW(-0.20)[+ip6:2001:470:1f07:1126::/64]; MV_CASE(0.50)[]; MIME_GOOD(-0.10)[text/plain]; TO_DN_NONE(0.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; HAS_ORG_HEADER(0.00)[]; TO_MATCH_ENVRCPT_SOME(0.00)[]; DKIM_TRACE(0.00)[iecc.com:+]; RCPT_COUNT_TWO(0.00)[2]; DMARC_POLICY_ALLOW(-0.50)[iecc.com,none]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+]; IP_SCORE(-3.64)[ip: (-9.90), ipnet: 2001:470::/32(-4.67), asn: 6939(-3.58), country: US(-0.05)]; ASN(0.00)[asn:6939, ipnet:2001:470::/32, country:US]; FREEMAIL_CC(0.00)[gmail.com]; RCVD_TLS_ALL(0.00)[]; RCVD_COUNT_TWO(0.00)[2] X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 03 Jan 2020 20:58:01 -0000 In article you write: >We recently purchased the support of OpenSSL 1.0.2 to extend support for >our software through OpenSSL’s deprecation while we test functionality and >compatibility with upgrading our software platform from FreeBSD 11 to 12. >Would you be able to tell me if and for how long- FreeBSD 12 will be >compatible with OpenSSL 1.0.2? We do intend to upgrade both packages but >need to know the timeline given the constraint of our need to upgrade >OpenSSL 1.0.2. There's an openssl-unsafe port that provides 1.0.2 for Freebsd 12 if you really need it. Since FreeBSD 11 will be supported for another year and a half, my advice would be to stick with 11.x while you upgrade your software to openssl 1.1.