openssl 1.1.1 EOL会如何影响boringssl / netty-tcnative-boringssl-static?

huangapple go评论72阅读模式
英文:

How is openssl 1.1.1 EOL going to affect boringssl / netty-tcnative-boringssl-static?

问题

我的项目依赖于netty-tcnative-boringssl-static以实现内存效率。据我所知,boringssl是从openssl 1.1.1分叉出来的,后者即将到达生命周期终点。我想知道这可能会如何影响boringssl,以及通过传递netty-tcnative-boringssl-static。我能否期望boringssl / netty-tcnative-boringssl-static会继续获得安全补丁?

希望有来自Google's boringssl团队的人能提供一些信息。

英文:

My project relies on netty-tcnative-boringssl-static for memory efficiency. From what I can tell, boringssl was forked from openssl 1.1.1, which is soon reaching end of life. I'd like to know how this might affect boringssl, and transitively netty-tcnative-boringssl-static. Can I expect boringssl / netty-tcnative-boringssl-static to continue with security patches?

Hoping that someone from Google's boringssl team can provide some information.

答案1

得分: 0

BoringSSL旨在与OpenSSL 1.1.1兼容,但定期接收更新。因此,OpenSSL 1.1.1的终止对BoringSSL没有影响。至于netty-tcnative,它会在每次发布新版本时更新其BoringSSL版本(引入最新的chromium-stable BoringSSL分支——文档)。在撰写本文时,chromium-stable分支最后一次更新是在2023年2月,因此它一直在接收更新。

只要你保持与netty发布的最新版本同步,你不必担心OpenSSL 1.1.1的终止。

英文:

While BoringSSL aims to have OpenSSL 1.1.1 compatibility, it is regularly receiving updates. Therefore the OpenSSL 1.1.1 end of life means nothing for BoringSSL. As for netty-tcnative, it updates its version of BoringSSL each time a new version is released (pulling in the latest chromium-stable BoringSSL branch -- docs). At the time of this writing, the chromium-stable branch was last updated in Feb 2023 so it is consistently receiving updates.

openssl 1.1.1 EOL会如何影响boringssl / netty-tcnative-boringssl-static?

As long as you are staying up to date with netty releases, you shouldn't have to worry about OpenSSL 1.1.1's end of life.

huangapple
  • 本文由 发表于 2023年5月17日 17:41:55
  • 转载请务必保留本文链接:https://go.coder-hub.com/76270687.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定