Discussion:
OpenSSL 3.0.0-beta1 Update
(too old to reply)
Randall
2021-07-07 15:02:21 UTC
Permalink
Hi Everyone,

OpenSSL 3.0.0 beta1 is now available for all planned builds.
This applies to both TNS/X and TNS/E.

Unthreaded - 64 bit, IEEE float.
PUT - 64 bit, IEEE float, Posix User Threads
SPT - 32 bit, IEEE float, Standard Posix Threads, FLOSS

The installs will go to separate directories so will not impact existing OpenSSL installations. See the README files on the ITUGLIB website.

The TNS/X version comes with an uncertified FIPS provider and uses a hardware randomizer instead of PRNGD. FIPS certification is still an open question for OpenSSL 3.0.0 and no policy has yet been established by the OpenSSL team. I will post more information when it is available. Please feel free to reach out to me directly to discuss this.

Beta2 should be out "soon", and now that our builds are stable, it should only take a day or so to get the build to the website.

We still have work to do to bring other products up to OpenSSL 3.0 compatibility and will announce those as they happen.

Regards,
Randall
On Behalf of the ITUGLIB Technical Committee
Randall
2021-07-07 22:09:09 UTC
Permalink
Post by Randall
Hi Everyone,
OpenSSL 3.0.0 beta1 is now available for all planned builds.
This applies to both TNS/X and TNS/E.
Unthreaded - 64 bit, IEEE float.
PUT - 64 bit, IEEE float, Posix User Threads
SPT - 32 bit, IEEE float, Standard Posix Threads, FLOSS
The installs will go to separate directories so will not impact existing OpenSSL installations. See the README files on the ITUGLIB website.
The TNS/X version comes with an uncertified FIPS provider and uses a hardware randomizer instead of PRNGD. FIPS certification is still an open question for OpenSSL 3.0.0 and no policy has yet been established by the OpenSSL team. I will post more information when it is available. Please feel free to reach out to me directly to discuss this.
Beta2 should be out "soon", and now that our builds are stable, it should only take a day or so to get the build to the website.
We still have work to do to bring other products up to OpenSSL 3.0 compatibility and will announce those as they happen.
Regards,
Randall
On Behalf of the ITUGLIB Technical Committee
So some bad news. The install did not work correctly when OpenSSL was built. The .so files are not included in the package because of an OpenSSL bug. I will report back when this is fixed.
Randall
2021-07-12 19:06:18 UTC
Permalink
Post by Randall
Post by Randall
Hi Everyone,
OpenSSL 3.0.0 beta1 is now available for all planned builds.
This applies to both TNS/X and TNS/E.
Unthreaded - 64 bit, IEEE float.
PUT - 64 bit, IEEE float, Posix User Threads
SPT - 32 bit, IEEE float, Standard Posix Threads, FLOSS
The installs will go to separate directories so will not impact existing OpenSSL installations. See the README files on the ITUGLIB website.
The TNS/X version comes with an uncertified FIPS provider and uses a hardware randomizer instead of PRNGD. FIPS certification is still an open question for OpenSSL 3.0.0 and no policy has yet been established by the OpenSSL team. I will post more information when it is available. Please feel free to reach out to me directly to discuss this.
Beta2 should be out "soon", and now that our builds are stable, it should only take a day or so to get the build to the website.
We still have work to do to bring other products up to OpenSSL 3.0 compatibility and will announce those as they happen.
Regards,
Randall
On Behalf of the ITUGLIB Technical Committee
So some bad news. The install did not work correctly when OpenSSL was built. The .so files are not included in the package because of an OpenSSL bug. I will report back when this is fixed.
The issues with OpenSSL have been (mostly) fixed and refreshed on the ITUGLIB website as of today. We are about 218 commits beyond the initial beta1 release by this point - beta2 should be coming soon. There is one issue with the TNS/E SPT version, which I have reported to the OpenSSL team. Other builds successfully pass their test suites. The tls13kexmodes self-test fails only on TNS/E SPT with the current version. Other tests pass.

Please let me know here if you have any issues.

Remember to unpack using super.super in OSS with:

tar xzf (package).tar.gz -C / -p --same-owner

Regards,
Randall

Loading...