Update to OpenSSL 1.1.1?


Ivan Zhakov

Mar 22, 2019, 4:51:54 AM
to tortois...@googlegroups.com
Hi,

OpenSSL is going to be unsupported after 2019-09-11 [1]. Also, the next
OpenSSL version, 1.1.1, adds support for the new TLS protocol version 1.3.
TLS v1.3 is more secure and faster due to TLS handshake improvements.

I think it would be great to upgrade TortoiseSVN to use OpenSSL 1.1.1b.

I've tested it and it seems to work out of the box. The e_capi patch also
applies cleanly.

[1] https://www.openssl.org/policies/releasestrat.html

--
Ivan Zhakov

Ivan Zhakov

Mar 22, 2019, 4:57:00 AM
to tortois...@googlegroups.com
On Fri, 22 Mar 2019 at 11:51, Ivan Zhakov <chem...@gmail.com> wrote:
>
> Hi,
>
> OpenSSL is going to be unsupported after 2019-09-11 [1]. Also, the next
> OpenSSL version, 1.1.1, adds support for the new TLS protocol version 1.3.
> TLS v1.3 is more secure and faster due to TLS handshake improvements.
>
> I think it would be great to upgrade TortoiseSVN to use OpenSSL 1.1.1b.
>
> I've tested it and it seems to work out of the box. The e_capi patch also
> applies cleanly.
>
The only trick is to add the "no-autoload-config" option during
compilation, because the new OpenSSL loads C:\Program Files\Common
Files\SSL\openssl.cnf by default, and this is a potential privilege
escalation issue. See the attached patch.


--
Ivan Zhakov
tsvn-openssl-noautoload-config-v1.patch.txt
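
An added example, not part of the thread or of the TortoiseSVN/OpenSSL sources: a read-only PowerShell audit of who can write the config path named in the message above, for hosts running a build that still autoloads it. The SID list and the rights mask are assumptions of this example, and it reports only Allow ACEs for those groups rather than computing effective access.

```powershell
# Added example, not from the thread. Read-only audit of the path OpenSSL autoloads.
param([string]$ConfigPath = 'C:\Program Files\Common Files\SSL\openssl.cnf')

# Assumed audit scope: Everyone, Authenticated Users, BUILTIN\Users (well-known SIDs).
$broadSids = 'S-1-1-0', 'S-1-5-11', 'S-1-5-32-545'
# Rights that let a principal create, replace or re-permission the file.
$writeMask = [int][System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, ChangePermissions, TakeOwnership'
$inheritOnly = [int][System.Security.AccessControl.PropagationFlags]::InheritOnly
$sidType = [System.Security.Principal.SecurityIdentifier]

# If the file or its folders do not exist yet, the ACL that matters is the one
# on the nearest ancestor that does exist, so walk up until something is found.
$target = $ConfigPath
while ($target -and -not (Test-Path -LiteralPath $target)) {
    $target = [System.IO.Path]::GetDirectoryName($target)
}
if (-not $target) { throw "No existing ancestor found for $ConfigPath" }

# Explicit and inherited rules, with identities returned as SIDs.
$rules = (Get-Acl -LiteralPath $target).GetAccessRules($true, $true, $sidType)

$findings = foreach ($rule in $rules) {
    if ($rule.AccessControlType -ne 'Allow') { continue }
    # Inherit-only rules apply to children, not to the object being checked.
    if (([int]$rule.PropagationFlags -band $inheritOnly) -ne 0) { continue }
    if ($broadSids -notcontains $rule.IdentityReference.Value) { continue }
    if (([int]$rule.FileSystemRights -band $writeMask) -eq 0) { continue }
    [pscustomobject]@{
        Checked   = $target
        Sid       = $rule.IdentityReference.Value
        Rights    = $rule.FileSystemRights
        Inherited = $rule.IsInherited
    }
}

if ($findings) {
    Write-Warning "Non-administrative groups can write at or above $ConfigPath"
    $findings | Format-Table -AutoSize
} else {
    Write-Output "No write-class Allow ACEs for the checked groups on $target"
}
```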

Stefan Kueng

Mar 22, 2019, 4:44:28 PM
to TortoiseSVN-dev on behalf of Ivan Zhakov
Thanks!

I'll run some tests this weekend and will update to OpenSSL 1.1.1 if I
don't find any problems.

Stefan