On Mon, Dec 05, 2022 at 11:14:56PM +0100, Volker Schlecht wrote:
> That's switching as in "They bundle OpenSSL 3.07 + QUIC Patch and that's
> what they develop against".
They also support BoringSSL which does not yet provide any OpenSSL 3 API.
> Also the project would rather have switched to OpenSSL 3.0 for the previous
> LTS release already:
>
> https://nodejs.org/en/blog/announcements/nodejs16-eol/
>
> So while it might build against OpenSSL 1.1.1 (full disclosure: I didn't
> even try) I'm reasonably sure that any issues arising from that will be ours
> to fix.
>
> You seem to be critical about having the dependency on 3.0 ... any reasons I
> should be aware of?
OpenSSL 1.1 is well tested and a more or less known beast. OpenSSL 3 on
the other hand... not so much.
I don't care deeply if OpenSSL 3 is used for this, I just wanted to make
sure the switch wasn't made blindly since newer is better (which in this
case it probably isn't).
No comments:
Post a Comment