man3: Drop warning about using security levels higher than 1. #12444
Conversation
Today, majority of web-browsers reject communication as allowed by the security level 1. Instead key sizes and algorithms from security level 2 are required. Thus remove the now obsolete warning against using security levels higher than 1. For example Ubuntu, compiles OpenSSL with security level set to 2, and further restricts algorithm versions available at that security level.
|
@kroeckx I added the 1.1.1 label, as this seems to be generally applicable. Please confirm your approval holds for 1.1.1 |
In Ubuntu, we have removed said warning in our 1.1.1 builds too. See http://manpages.ubuntu.com/manpages/focal/en/man3/SSL_CTX_set_security_level.3ssl.html#notes |
|
1.1.1 is fine for me
|
|
24 hours has passed since 'approval: done' was set, but as this PR has been updated in that time the label 'approval: ready to merge' is not being automatically set. Please review the updates and set the label manually. |
|
Hmm, the pre-commit scripts are complaining about the lack of a CLA. I would be willing to consider this change trivial from a CLA perspective (it's just deleting things, and there's no creativity applied about which parts to delete), but @xnox and @kroeckx would have to agree. I'm not sure why the "hold: CLA required" label was originally removed... |
|
Cla for xnox@ubuntu.com was submitted and accepted by legal@. So it should work... |
|
I'll close and reopen the pull request to give the CI another crack at the CLA check. |
|
For some reason Paul said he added it, but it's not in the repo.
I've asked Paul to look at it.
|
|
Looks like this has the necessary approvals, and the CLA issue is resolved. There is a travis failure but that doesn't seem relevant. Setting the "ready to merge" label. |
Today, majority of web-browsers reject communication as allowed by the security level 1. Instead key sizes and algorithms from security level 2 are required. Thus remove the now obsolete warning against using security levels higher than 1. For example Ubuntu, compiles OpenSSL with security level set to 2, and further restricts algorithm versions available at that security level. Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from #12444)
Today, majority of web-browsers reject communication as allowed by the security level 1. Instead key sizes and algorithms from security level 2 are required. Thus remove the now obsolete warning against using security levels higher than 1. For example Ubuntu, compiles OpenSSL with security level set to 2, and further restricts algorithm versions available at that security level. Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from #12444) (cherry picked from commit 02e14a6)
|
Pushed to master and 1.1.1; closing. |
Today, majority of web-browsers reject communication as allowed by the
security level 1. Instead key sizes and algorithms from security level
2 are required. Thus remove the now obsolete warning against using
security levels higher than 1. For example Ubuntu, compiles OpenSSL
with security level set to 2, and further restricts algorithm versions
available at that security level.
Checklist