[Bug 1216950] New: openssl-3 should offer ktls capability but has OPENSSL_NO_KTLS enabled
https://bugzilla.suse.com/show_bug.cgi?id=1216950 Bug ID: 1216950 Summary: openssl-3 should offer ktls capability but has OPENSSL_NO_KTLS enabled Classification: openSUSE Product: openSUSE Tumbleweed Version: Current Hardware: x86-64 OS: openSUSE Tumbleweed Status: NEW Severity: Normal Priority: P5 - None Component: Security Assignee: security-team@suse.de Reporter: bruno@ioda-net.ch QA Contact: qa-bugs@suse.de Target Milestone: --- Found By: --- Blocker: --- I've been trying to benefit of ktls support offered by the kernel (6.5.9-1-default as time reporting), but none of the experimentation to implement ktls failed. This is due because OpenSSL 3.1.4 24 has OPENSSL_NO_KTLS defined. Would it be possible to review that parameter, and offer developer and user the same capability that other operating system offer (Fedora for example) ? Thanks -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1216950 Bruno Friedmann <bruno@ioda-net.ch> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |otto.hollmann@suse.com -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1216950 Marcus Meissner <meissner@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Assignee|security-team@suse.de |otto.hollmann@suse.com CC| |meissner@suse.com -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1216950 https://bugzilla.suse.com/show_bug.cgi?id=1216950#c1 --- Comment #1 from Bruno Friedmann <bruno@ioda-net.ch> --- Ping any news here ? We (at Bareos) really would like to have at least a statement for this. -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1216950 https://bugzilla.suse.com/show_bug.cgi?id=1216950#c2 Otto Hollmann <otto.hollmann@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |CONFIRMED --- Comment #2 from Otto Hollmann <otto.hollmann@suse.com> --- KTLS might be problematic in context of our certification (because avoids any crypto implementations from providers), but since it's disabled by default it should be safe to compile library with KTLS support. I will submit new version with KTLS support enabled. -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1216950 https://bugzilla.suse.com/show_bug.cgi?id=1216950#c3 Otto Hollmann <otto.hollmann@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |FIXED Status|CONFIRMED |RESOLVED --- Comment #3 from Otto Hollmann <otto.hollmann@suse.com> --- I added KTLS support in January but unfortunately forgot to mention it in changelog. Changelog update:
Closing this issue. -- You are receiving this mail because: You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@suse.com