PDA

View Full Version : SLES 12 OpenSSL 1.0.2 required for ALPN support - is it coming?



TheRealTachyon
17-May-2016, 17:48
Currently the newest version of OpenSSL shipped with any SLES release is 1.0.1x however, OpenSSL devs have encouraged customers to migrate to 1.0.2. One reason is that 1.0.2 supports ALPN. Why does this matter?
Well, on May 31st, Google will push out a Chrome update that will use ALPN to negotiate HTTP/2 connections instead of HTTP/1.x. If you're thinking "who cares?" then just move along. But for those that rely of the optimizations of HTTP/2 in their applications, this will be a BIG deal. This is particularly going to affect people running multiple JeOS containers. Currently it appears that only Ubuntu 16.04LTS <cough> has migrated to OpenSSL 1.0.2x by including 1.0.2g. I'd rather poke myself in the eye than use Ubuntu in an Enterprise environment (or any environment for that matter) but this will be an issue for users, developers, and those of us trying to get customers to stay on or migrate to SLES over other vendor solutions.

IMO, SUSE needs to migrate all currently supported SLES releases to OpenSSL 1.0.2x and release the update before the end of the month.

More info here:
https://ma.ttias.be/day-google-chrome-disables-http2-nearly-everyone-may-31st-2016/ (The Day Google Chrome disables HTTP/2 for nearly everyone)


BTW, I tried bringing this issue to SUSE's attention on the Enterprise support line, but they basically gave me a "meh" and told me to send an e-mail or post here.

smflood
18-May-2016, 22:39
On 17/05/2016 17:54, TheRealTachyon wrote:

> Currently the newest version of OpenSSL shipped with any SLES release is
> 1.0.1x however, OpenSSL devs have encouraged customers to migrate to
> 1.0.2. One reason is that 1.0.2 supports ALPN. Why does this matter?
> Well, on May 31st, Google will push out a Chrome update that will use
> ALPN to negotiate HTTP/2 connections instead of HTTP/1.x. If you're
> thinking "who cares?" then just move along. But for those that rely of
> the optimizations of HTTP/2 in their applications, this will be a *BIG*
> deal. This is particularly going to affect people running multiple JeOS
> containers. Currently it appears that only Ubuntu 16.04LTS <cough> has
> migrated to OpenSSL 1.0.2x by including 1.0.2g. I'd rather poke myself
> in the eye than use Ubuntu in an Enterprise environment (or any
> environment for that matter) but this -will- be an issue for users,
> developers, and those of us trying to get customers to stay on or
> migrate to SLES over other vendor solutions.
>
> IMO, SUSE needs to migrate all currently supported SLES releases to
> OpenSSL 1.0.2x and release the update before the end of the month.
>
> More info here:
> 'https://ma.ttias.be/day-google-chrome-disables-http2-nearly-everyone-may-31st-2016/'
> (The Day Google Chrome disables HTTP/2 for nearly everyone)
>
>
> BTW, I tried bringing this issue to SUSE's attention on the Enterprise
> support line, but they basically gave me a "meh" and told me to send an
> e-mail or post here.

Let me ask my contacts at SUSE. I'll post back when I hear something.

HTH.
--
Simon
SUSE Knowledge Partner