netty / netty-tcnative

A fork of Apache Tomcat Native, based on finagle-native

[Upgrade] Use OpenSSL v3

hyperxpro opened this issue · comments

OpenSSL v3 is available and has now achieved FIPS 140-2 Validation. This is useful for use cases that need FIPS 140-2 out of the box.

Hi @normanmaurer, I'm happy to put in the work to do this - is it as simple as updating the hashes in the file like c2b5d1a?

I tried doing that locally (updating to 3.0.2) and it worked fine for me in my application, so I wanted to see if it was possible to have the version here upgraded

Well, is it just updating hashes and pointing to a new URL? No API change?

@hyperxpro it worked fine in my application, but I'm not sure of how to run the full suite of tests for netty-tcnative and ensure everything works just fine. Happy to put up a PR and have that launch CI jobs if that's acceptable.

Sure please do.

Also, can you show Netty logs when you loaded 3.0.0 OpenSSL?

@hyperxpro here's what I saw:

18:08:03.378 [ScalaTest-run] DEBUG io.netty.handler.ssl.OpenSsl - Initialize netty-tcnative using engine: 'default'
18:08:03.380 [ScalaTest-run] DEBUG io.netty.handler.ssl.OpenSsl - netty-tcnative using native library: OpenSSL 3.0.2 15 Mar 2022

Will try to put up a PR in a bit (need to double-check my corporate policies).

Closed by PR #802