apt-get dist-upgrade downgrades OpenSSL - question

Discussion in 'ISPConfig 3 Priority Support' started by schmidtedv, Mar 23, 2021.

  1. schmidtedv

    schmidtedv Member HowtoForge Supporter

    Maybe not a Problem, but after my last dist-upgrade on Debian Buster the OpenSSL Library got downgraded to OpenSSL 1.1.1d 10 Sep 2019 while the OpenSSL Header stays unchanged (OpenSSL 1.1.1j 16 Feb 2021). Am I expecting any problems with it (ISPConfig, LetsEncrypt, etc.) or can I just forget about it?

    Code:
    php-defaults (82) unstable; urgency=medium
    
      * The custom src:openssl packages were introduced to upgrade the
        cryptographic functions for PHP, Apache2 and NGINX, but the situation
        have improved greatly since.  Ubuntu 16.04 LTS will reach end-of-life
        in April 2021 and it was the last distribution using OpenSSL 1.0.2.
        Debian 9 Stretch LTS will reach end-of-life in June 2022 and it is
        using OpenSSL 1.1.0 (which just means TLS 1.3).
    
      * The php-common package now introduces custom apt_preferences
        configuration in /etc/apt/preferences.d/php-common.pref that should
        enforce downgrade of the src:openssl packages to the OpenSSL version
        provided by the distribution.  After this version of php-common is
        installed, the next manual apt-get dist-upgrade run will downgrade the
        OpenSSL version, but you are advised to check this manually if the
        downgrade has happened.
    
     -- Ondrej Surý <[email protected]>  Thu, 04 Mar 2021 11:08:54 +0100
    
    OpenSSL 1.1.1j  16 Feb 2021
    Die folgenden Pakete werden durch eine ÄLTERE VERSION ERSETZT (Downgrade):
      libssl1.1 openssl
    OpenSSL 1.1.1d
     
  2. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member ISPConfig Developer

    I've not seen any issues after downgrading.
     
  3. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    This should happen and should not cause any trouble.
     
  4. schmidtedv

    schmidtedv Member HowtoForge Supporter

    Ok, thanks, I was just wondering because Library and Header don't match anymore (althoug the internal Version "1.1.1" is still the same, so this might be fine).
     

Share This Page