Update

[Hal Murray]

esr at thyrsus.com said:
>> Are we ever going to want to use anything older than TLS1.2?  Spec says no, 
>> but it might be interesting for testing.
> I'm not interested in complicating our lives with a surfeit of obsolete APIs.

Sounds good.  It's probably worth updating our requirements section to include 
a version of OpenSSL new enough to support TLS1.2

We should be able to add that check to waf.  I looked into it a bit, but it 
was going to take too long.

We can get the version info either of two ways.

Their command line tool is openssl.
$ openssl version
OpenSSL 1.1.1a FIPS  20 Nov 2018
$
It's not part of the -dev package and otherwise not (yet) necessary to build.  
We might end up using it for some testing, but I can't think of a good example.

OPENSSL_VERSION_NUMBER is defined in openssl/opensslv.h which gets pulled in 
by openssl/ssl.h
It looks like:
# define OPENSSL_VERSION_NUMBER  0x1010101fL
There is also a text version:
# define OPENSSL_VERSION_TEXT    "OpenSSL 1.1.1a FIPS  20 Nov 2018"

I don't know what version we need, but I'm pretty sure I can track it down.  
Their man pages are good about having a HISTORY section describing when a 
feature was added.




-- 
These are my opinions.  I hate spam.