[GH-ISSUE #898] Update OpenSSL #715

Open
opened 2026-05-05 06:59:15 -06:00 by gitea-mirror · 7 comments

Originally created by @ccoenen on GitHub (Oct 4, 2020).
Original GitHub issue: https://github.com/debauchee/barrier/issues/898

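OpenSSL in `ext/openssl` hasn't been touched in three years. At the same time, TLS 1.2 is currently configured as the maximum version. Judging from the commit messages, it is currently [v1.0.2l from May 2017](https://github.com/openssl/openssl/blob/master/CHANGES.md#changes-between-102k-and-102l-25-may-2017).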

I would love to see this updated to a recent version, and especially deactivating TLSv1.0 and TLSv1.1 (maybe even enabling TLSv1.3 along the way).

Also, I believe, references to "SSL" in the user interface should really be updated to say "TLS" as well.


@shymega commented on GitHub (Oct 4, 2020):

OpenSSL is in the process of being updated.


@shymega commented on GitHub (Oct 4, 2020):

Unfortunately, I can't release any more information on that front because of the way it's been handled. I think I can't anyway... but with the UI part, I think I can push a commit for that :)

EDIT: Just looking at it now though - I can only really edit the English translation for that part of the UI. There's a fair bit of unfinished translations for the SSL text references on the UI, and other elements.

I'll edit the English translation for now.


@shymega commented on GitHub (Oct 4, 2020):

Actually, now that I think about it.. I'm not sure if we even use TLS in Barrier. :/


@shymega commented on GitHub (Oct 4, 2020):

Oops. Yeah, we don't. Should have realised - gonna go close #901, and we can reopen and merge once we have TLS support... sorry for the confusion.


@ccoenen commented on GitHub (Oct 4, 2020):

> Actually, now that I think about it.. I'm not sure if we even use TLS in Barrier. :/

My client insists (via log) that it connects via TLS 1.2

```
connecting to ...
...
"connected to secure socket"
AES256-GCM-SHA384 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(256) Mac=AEAD
```

I would have assumed that this means it's connected via this cipher suite?
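
Added example (not part of the original comment and not Barrier's code): a small Python parser for cipher lines like the one in the log above, assuming they follow the layout of OpenSSL's `SSL_CIPHER_description` output. The policy in `audit()` and every sample line after the quoted log are constructed for illustration.

```python
import re

# Assumed line shape (OpenSSL SSL_CIPHER_description format):
#   <suite> <protocol> Kx=<kx> Au=<auth> Enc=<cipher>(<bits>) Mac=<mac>
CIPHER_LINE = re.compile(
    r"^(?P<suite>\S+)\s+(?P<proto>(?:SSL|TLS)v[\d.]+)\s+Kx=(?P<kx>\S+)\s+"
    r"Au=(?P<au>\S+)\s+Enc=(?P<enc>[^\s(]+)\((?P<bits>\d+)\)\s+Mac=(?P<mac>\S+)$"
)
PROTO_RANK = {"SSLv2": 0, "SSLv3": 1, "TLSv1": 2, "TLSv1.1": 3,
              "TLSv1.2": 4, "TLSv1.3": 5}
# Key exchanges that are ephemeral; "any" is what TLS 1.3 suites report.
EPHEMERAL_KX = {"ECDH", "DH", "ECDHEPSK", "DHEPSK", "any"}


def parse_cipher_line(line):
    """Return the fields of a cipher description line, or None if no match."""
    m = CIPHER_LINE.match(line.strip())
    if m is None:
        return None
    info = m.groupdict()
    info["bits"] = int(info["bits"])
    return info


def audit(info, min_proto="TLSv1.2"):
    """List policy findings for one parsed suite (hypothetical policy)."""
    findings = []
    # The protocol field is the oldest version the suite works with,
    # not necessarily the version negotiated on this connection.
    if PROTO_RANK.get(info["proto"], -1) < PROTO_RANK[min_proto]:
        findings.append("suite usable below " + min_proto)
    if info["kx"] not in EPHEMERAL_KX:
        findings.append("no forward secrecy (Kx=%s)" % info["kx"])
    if info["au"] == "None":
        findings.append("unauthenticated key exchange")
    if info["mac"] != "AEAD":
        findings.append("non-AEAD cipher (Mac=%s)" % info["mac"])
    return findings


def scan_log(lines):
    """Audit every cipher description line found in a client log."""
    parsed = (parse_cipher_line(l) for l in lines)
    return {p["suite"]: audit(p) for p in parsed if p}


SAMPLE_LOG = [  # first four lines are from the log above; the rest are constructed
    'connecting to ...', '...', '"connected to secure socket"',
    "AES256-GCM-SHA384 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(256) Mac=AEAD",
    "ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD",
    "AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1",
]
```

Calling `scan_log(SAMPLE_LOG)` returns a dict keyed by suite name; an empty list means the suite passed every check in this example policy.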


@seeu3 commented on GitHub (Nov 2, 2021):

BUMP!

Update OpenSSL #898

MAIN request:
-update OPENSSL to the current version. (current versions are 1.1.1L, or the new 3.0.0 branch)
reason: multiple vulnerabilities have been patched since OpenSSL 1.0.2L 25 May 2017
example: https://www.cybersecurity-help.cz/vulnerabilities/56064/
solution1 : update the codebase to use a new version of openssl
solution2 : inform users of each vulnerability, and/or perhaps recommend stunnel for encrypted traffic.

Other requests:
-deactivate TLSv1.0 and TLSv1.1 (and TLSv1.2?)
-references to "SSL" in the user interface should really be updated to say "TLS" as well

Please, at your earliest convenience, address the main request.
Much appreciated.


@shymega commented on GitHub (Nov 3, 2021):

It's being discussed... can't say too much on it. I recognise it is insecure though. I have worked on a CMake patch for it. Ideally, I don't want OpenSSL bundled, as it ends up being unmaintained.

Reference: github-starred/barrier#715