replace oqs-openssl111

[baentsch]

With https://github.com/openssl/openssl/pull/19312 merged, oqs-provider together with OpenSSL3 (master) now deliver the same level of functionality as oqs-openssl111. This issue is to propose replacing oqs-openssl111 with openssl3+oqs-provider where possible in the demos.

Applicable integrations (tick if done) -- suggested order of importance

• [x] openssl3
• [x] OpenVPN
• [x] curl
• [x] nginx
• [x] httpd
• [x] epiphany
• [ ] envoy
• [x] quic
• [ ] mosquitto
• [x] ngtcp2
• [ ] unbound ~- [ ] haproxy~

Not applicable: Wireshark, Chromium, openssh, openlitespeed

[baentsch]

haproxy testing (via curl) now fails as haproxy is still using oqs-openssl111 and we severed the "interoperability tie" between oqs-provider (used by curl) and oqs-openssl111 (used by haproxy).

Question thus: Would anyone mind we drop haproxy from the list of supported (and tested) integrations (until someone finds time and interest again to support it -- via new PR)?

[baentsch]

Given today's decision to keep supporting oqs-openssl111 work on this topic is put on the backburner. I personally would very much welcome other's contributions regarding maintenance of oqs-openssl111.

[baentsch]

@dr7ana @igorbarshteyn @Keelan10 @chiachin2686 @ryndia You all kindly contributed oqs-openssl111 integrations to oqs-demos and we'd like to ask whether you'd also be willing to help move these to opensslv3.

Background: With the EOL notice by OpenSSL we're now also bringing support for oqs-openssl111 to an end. Therefore, this issue is to track the migration of all integrations towards openssl v3 and oqs-provider. I basically did this for all checked items (just completed epiphany in #209 -- so it may serve as an example what the update entails) but am unsure I find the time before September (OpenSSL111 EOL) to do it for all integrations, so I'd be grateful if you could consider helping with this.

[dr7ana]

I would love to help! I will also take another look at the image size issue we had discussed previously. I've had a lot on my plate starting a new position (as I'm sure you do as well normally), but I will prioritize this for July without issue, thank you for your patience

[baentsch]

@dr7ana Thank you very much! By all means, prioritize your new job! Your contribution will be very welcome any time!

[baentsch]

OpenSSL111 has gone end of life. The demos not yet moved off OpenSSL111 should be sunset, too. Until someone finds time to do the upgrade of envoy, quic and mosquitto I'd suggest to drop them from the list of supported integrations (and of CI), similar to haproxy that also has nobody interested in supporting it any more.

[dr7ana]

@baentsch I know I'm apologizing for the umpteenth time for not getting this done, but I will do it soon I promise! I will also fix the oversize binary issue

[baentsch]

@baentsch I know I'm apologizing for the umpteenth time for not getting this done, but I will do it soon I promise! I will also fix the oversize binary issue

Absolutely no reason to apologize. We all do this on our spare time and voluntarily -- and at least I am grateful for any contribution, regardless of timing. All I want to achieve with the above is set proper user expectations.

[baentsch]

Tagging @johnma14 fyi

[johnma14]

@baentsch I just got to see this message now. For some reason, I never got any notification. I will work on updating the HAProxy demo.