envoy-openssl icon indicating copy to clipboard operation
envoy-openssl copied to clipboard
verified publisher icon envoyproxy

Early Adoption the Envoy OpenSSL Version

Open thekief opened this issue 2 years ago • 9 comments

As you probably have seen by the other opened issue [1], I am interested in getting the Envoy up and running with the OpenSSL extension. With OpenSSL 1.1.1 being EOL now, Maistra is not a feasible approach for us anymore, so we are looking into early-adopting envoy with the OpenSSL extension.

Me and my colleague monitored the changes you introduced over the last couple months, getting closer to a fully working server. We have seen (and tested) that there are currently a few things open, such as the missing mapping of some BoringSSL errors to OpenSSL ones. We are wondering, if we can help expedite the stabilisation process, to get a bit faster to a fully working release; may it be code contributions or testing, we would like to help a bit.

[1] https://github.com/envoyproxy/envoy-openssl/issues/66

thekief avatar Oct 12 '23 11:10 thekief

We are in the final stages of getting a clean build.

It would be fantastic to have someone looking over the build and testing.

twghu avatar Oct 12 '23 11:10 twghu

I am not lying, telling you right now that you made my day. Do you have a an approximate timeline when we can look into it? We would not mind applying patches, etc. on my own to get things started.

thekief avatar Oct 12 '23 12:10 thekief

Let's organize a chat/meet to discuss how we can collaborate.

twghu avatar Nov 13 '23 14:11 twghu

Sorry for my late answer. I will contact you on your committer email, this way we will not clutter the Github issues with any unnecessary information.

thekief avatar Nov 24 '23 12:11 thekief

Please do include me, I will be interested in building and testing on s390x architecture.

vasudev-chavan1 avatar Dec 06 '23 10:12 vasudev-chavan1

As you probably have seen by the other opened issue [1], I am interested in getting the Envoy up and running with the OpenSSL extension. With OpenSSL 1.1.1 being EOL now, Maistra is not a feasible approach for us anymore, so we are looking into early-adopting envoy with the OpenSSL extension.

Me and my colleague monitored the changes you introduced over the last couple months, getting closer to a fully working server. We have seen (and tested) that there are currently a few things open, such as the missing mapping of some BoringSSL errors to OpenSSL ones. We are wondering, if we can help expedite the stabilisation process, to get a bit faster to a fully working release; may it be code contributions or testing, we would like to help a bit.

[1] #66

@thekief do your know is this Maistra have any plan to support the openssl 3.0 ?

wufanqqfsc avatar Dec 13 '23 13:12 wufanqqfsc

@wufanqqfsc you might swap OpenSSL 1.1.1 for OpenSSL 3.0 if you really need to continue with Maistra but as the future is this repository, I highly doubt that there will be any official support for it.

thekief avatar Dec 13 '23 13:12 thekief

@thekief yes, that's also we want to do . May be swap OpenSSL 1.1.1 for OpenSSL 3.0 is a much better choice. there is no official release now for this project "enovoy-openssl" . Anyway, the community of "Maistra " seems not very friendly, we have no channel to ask questions and send request.

wufanqqfsc avatar Dec 14 '23 01:12 wufanqqfsc

Regarding OpenSSL Versions, we are only supporting OpenSSL 3. Initially 3.0, although we expect to move to 3.1 in subsequent releases.

twghu avatar Jan 08 '24 05:01 twghu