This week, OpenSSL 1.1 has reached Debian Sid. It’s also the version currently on Fedora rawhide.
Rust crates using OpenSSL use the
openssl crate, generally
^0.7. This 0.7 branch isn’t compatible with OpenSSL 1.1.
That means out of the box, any Rust application using the 0.7 version of the
openssl crate doesn’t compile on Debian Sid or Fedora Rawhide. This includes Hyper, so it’s a large issue for the Rust web applications.
To fix this, crates could updated to
openssl 0.9 crate is compatible both with OpenSSL 1.0.1 and OpenSSL 1.1 branch.
We also should do this migration rather quickly to avoid the issues to have half the crates on openssl 0.9, the other half stuck to 0.7.
This update isn’t always trivial. The API of the openssl create has been modified, for example the error handling. A migration guide from openssl 0.7 to openssl 0.9 would be welcome.
Add to that the OpenSSL 1.1 API changed too. For example TLS is now “TLS” and not “Sslv23” anymore.
Current state of OpenSSL 1.1 among OS and distros
Debian and Fedora release versions (including Fedora 25) still use OpenSSL 1.0. Next versions will use OpenSSL 1.1 : Fedora 26 is for June (2017-06-06), Debian Stretch release date not yet announced.
If we look to the distributions where rolling release is the preferred model, Arch is still 1.0, but is marked outdated.
FreeBSD currently maintain a security/openssl port at 1.0 version, a security/openssl-devel port at 1.1.