man3: Drop warning about using security levels higher than 1. #12444

Closed

Contributor

@xnox xnox commented Jul 14, 2020

Today, the majority of web browsers reject communication as allowed by
security level 1. Instead, key sizes and algorithms from security level
2 are required. Thus, remove the now-obsolete warning against using
security levels higher than 1. For example, Ubuntu compiles OpenSSL
with security level set to 2, and further restricts algorithm versions
available at that security level.

Checklist
  • documentation is added or updated
kaduk approved these changes Jul 15, 2020
Contributor

@kaduk kaduk commented Jul 15, 2020

@kroeckx I added the 1.1.1 label, as this seems to be generally applicable. Please confirm your approval holds for 1.1.1

Contributor Author

@xnox xnox commented Jul 15, 2020

> @kroeckx I added the 1.1.1 label, as this seems to be generally applicable. Please confirm your approval holds for 1.1.1

In Ubuntu, we have removed said warning in our 1.1.1 builds too. See http://manpages.ubuntu.com/manpages/focal/en/man3/SSL_CTX_set_security_level.3ssl.html#notes

Member

@kroeckx kroeckx commented Jul 15, 2020

@openssl-machine openssl-machine commented Jul 16, 2020

24 hours has passed since 'approval: done' was set, but as this PR has been updated in that time the label 'approval: ready to merge' is not being automatically set. Please review the updates and set the label manually.

Contributor

@kaduk kaduk commented Jul 17, 2020

Hmm, the pre-commit scripts are complaining about the lack of a CLA. I would be willing to consider this change trivial from a CLA perspective (it's just deleting things, and there's no creativity applied about which parts to delete), but @xnox and @kroeckx would have to agree. I'm not sure why the "hold: CLA required" label was originally removed...

Contributor Author

@xnox xnox commented Jul 17, 2020

CLA for xnox@ubuntu.com was submitted and accepted by legal@. So it should work...

Contributor

@kaduk kaduk commented Jul 17, 2020

I'll close and reopen the pull request to give the CI another crack at the CLA check.

Member

@kroeckx kroeckx commented Jul 17, 2020

@xnox xnox closed this Jul 18, 2020
@xnox xnox reopened this Jul 18, 2020
Member

@mattcaswell mattcaswell commented Jul 20, 2020

Looks like this has the necessary approvals, and the CLA issue is resolved. There is a travis failure but that doesn't seem relevant. Setting the "ready to merge" label.

openssl-machine pushed a commit that referenced this pull request Jul 20, 2020
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from #12444)
openssl-machine pushed a commit that referenced this pull request Jul 20, 2020
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from #12444)

(cherry picked from commit 02e14a6)
Contributor

@kaduk kaduk commented Jul 20, 2020

Pushed to master and 1.1.1; closing.
Thanks for the submission and working through the CLA issues!
