18.04 LTS GA to ship with both openssl 1.1.0 and 1.0.2.
OpenSSL 1.1.0 will be the default and majority packages will use it.
When I say majority, i mean:
* everything in main
* except for openssh & possibly strongswan
About 1/4 of package in universe will be using 1.0.2 openssl.
If and when, OpenSSL 1.1.1 with TLS v1.3 is released, security team will be evaluating if we can integrate it, and into which releases.
For completeness of coverage, and consistent libssl/libcrypto performance, I think it does make sense to integrate the 1.0.2 patches backports - would you agree?
So, the current plan is as follows:
18.04 LTS GA to ship with both openssl 1.1.0 and 1.0.2.
OpenSSL 1.1.0 will be the default and majority packages will use it.
When I say majority, i mean:
* everything in main
* except for openssh & possibly strongswan
About 1/4 of package in universe will be using 1.0.2 openssl.
If and when, OpenSSL 1.1.1 with TLS v1.3 is released, security team will be evaluating if we can integrate it, and into which releases.
For completeness of coverage, and consistent libssl/libcrypto performance, I think it does make sense to integrate the 1.0.2 patches backports - would you agree?