[Pkg-openssl-devel] Downgrade of libssl1.1
Sebastian Andrzej Siewior
sebastian at breakpoint.cc
Sun Apr 25 20:37:09 BST 2021
On 2021-03-14 03:02:07 [+0100], Benjamin Kuhl wrote:
> Hey,
Hi,
> i have a question. Today i made an update on my debian 10 system and i
> recieved a message during the update. I feel now a bit insecure about the
> message.
>
> I added the repository from Ondřej Surý deb.sury.org to my system, because i
> needed the php7.4 packages for some services i run.
>
> And he made changes to my system, that when i run apt dist-upgrade, then the
> libssl1.1 version will be downgraded to libssl1.0. He sad that libssl1.1
> reaches end of life and libssl1.0 has long term service.
>
>
> Now im asking me, why did not the official repository made these changes?
> And isnt there a newer package when libssl1.1 reaches end of life? I saw a
> package like libssl3 somewhere.
>
>
> Im not sure at the moment if i want to downgrade, because a while ago i read
> about many ssl problems and i dont know if the libssl1.0 was fixed.
This is besides what is officially provides by Debian I guess. The
package in Buster is maintained and according to
https://www.openssl.org/source/
it is supported until 11th September 2023. I don't know how long 1.0.2
is supported but this is paid support / nothing official afaik.
If you have any concern, best you contact your package supplier.
Sebastian
More information about the Pkg-openssl-devel
mailing list