OpenSSL 1.1 EoL
Added by Mark Travis 1 day ago
I just had to reinstall OpenSSL 1.1 on both of my Linux machines and it looks like it got removed from macOS Sequoia as well. All of my compiles blow up after not finding crypt. Evidently sudo apt upgrade gets rid of it on Linux, and I'm sure the last fixpack on Sequoia got rid of it.
I get a message now (post 1.1 re-install) when I start my Wt app that I didn't before: "Auth.HashFunction: ASVS recommends using BCrypt with at least 10 iterations."
I see an open ticket for something that might be closely related in the issues section.
I'm currently using compute() and verify() from the Wt::Auth::HashFunction.
Do we need to reinstall OpenSSL 1.1 until OpenSSL 3 gets implemented on the background? Or can we reconfigure to use OpenSSL 3 now?
And I may be completely misinformed, so feel free to set me straight.
Replies (2)
RE: OpenSSL 1.1 EoL - Added by Mark Travis 1 day ago
I also had to re-install bootstrap 1.86 from scratch on both Linux machines. I'm starting to think the two might be related, but maybe not.
RE: OpenSSL 1.1 EoL - Added by Mark Travis 1 day ago
I got rid of a #ifdef HAVE_CRIPT statement that has been in the code forever. Once I removed that and removed "crypt" from my CMakeLists.txt, no more errors. So, maybe I can delete OpenSSL 1.1 and not worry about it.
I don't currently have https turned on as it's in a very secure environment, but maybe it would be good to know from the Wt team if 1.1 is still needed for anything in the 4.11+ environment.