How old a version of OpenSSL do we support?

James Browning jamesb192 at jamesb192.com
Tue Jun 11 20:38:10 UTC 2024


> On 06/11/2024 11:47 AM PDT Hal Murray via devel <devel at ntpsec.org> wrote:

:::snip:::

> So it looks like 1.1.0 isn't supported at all, much less older versions.
> But if you aren't using NTS, we just need the crypto routines. So is
> anybody running our code without NTS on really really really old versions
> of OpenSSL? How would we find out?

I do not know of anyone using pre-1.1.1y versions of OpenSSL. macOS
users might qualify if linking against LibreSSL. Someone should
probably check on that and report if that is the case.

Put a shout-out on users at ntpsec.org and announce at ntpsec.org.
I would prepare for thunderous silence, though.

> I plan to drop all the ifdefs, fixup all the code to use EVP_MD_CTX_new()
> and EVP_MD_CTX_free(). Any objections? Anybody know of places running
> really really old versions of OpenSSL and running up-to-date versions of
> NTPsec?

I have heard that RHEL users tend to have ancient and obsolete
software. There will be a 'think of the toasters' group.


More information about the devel mailing list