Skip to content

Commit

Permalink
Merge pull request #290 from ipdk-io/openssl-upgrade-doc
Browse files Browse the repository at this point in the history
Adding documentation for OpenSSL upgrade
  • Loading branch information
5abeel authored Sep 25, 2023
2 parents d2d21fd + 1acbe0b commit 72cfb2f
Show file tree
Hide file tree
Showing 5 changed files with 42 additions and 0 deletions.
26 changes: 26 additions & 0 deletions docs/guides/security/openssl-guide.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,26 @@
# OpenSSL Guide

This document provides information about supported OpenSSL versions and
security details that you need to consider.

OpenSSL is a package dependency, as infrap4d uses the library for gRPC.

## End of Life for OpenSSL 1.1.1

OpenSSL 1.1.1 has reached End of Life (EOL) in September 2023.

It is highly recommended that you upgrade OpenSSL from 1.1.1x to OpenSSL 3.x.
See the [official migration guide](https://www.openssl.org/docs/man3.0/man7/migration_guide.html)
for more information.

Beginning with Fedora 37, Ubuntu 22.04, and Rocky Linux 9.0, OpenSSL 3.0.x comes
standard and requires no further action.

Older distributions of Linux systems download and install OpenSSL 1.1.1 when
you run the `yum install` or `apt install` command. If you are using one of these
distributions, you will need to find an RPM or DEB package to install
or build OpenSSL 3.x from source.

Note that infrap4d will compile and run normally with OpenSSL 1.1.1, since
OpenSSL 3.0 is backward compatible. In the interest of following best security practices
and avoiding future security issues, we recommend upgrading to OpenSSL 3.0.
5 changes: 5 additions & 0 deletions docs/guides/setup/dpdk-setup-guide.md
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,11 @@ For build instructions, see [P4 SDE Readme](https://github.com/p4lang/p4-dpdk-ta

### Install basic utilities

See the [OpenSSL security guide](/guides/security/openssl-guide.md)
for OpenSSL version and EOL information.

---

```bash
For Fedora distro: yum install libatomic libnl3-devel openssl
For Ubuntu distro: apt install libatomic1 libnl-route-3-dev openssl
Expand Down
5 changes: 5 additions & 0 deletions docs/guides/setup/es2k-setup-guide.md
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,11 @@ For the ACC, see [Building for the ES2K ACC](/guides/building-for-es2k-acc).

### Install basic utilities

See the [OpenSSL security guide](/guides/security/openssl-guide.md)
for OpenSSL version and EOL information.

---

For a Fedora system:

```bash
Expand Down
5 changes: 5 additions & 0 deletions docs/guides/setup/tofino-setup-guide.md
Original file line number Diff line number Diff line change
Expand Up @@ -60,6 +60,11 @@ docker exec -it infrap4d bash

### Install basic utilities

See the [OpenSSL security guide](/guides/security/openssl-guide.md)
for OpenSSL version and EOL information.

---

```bash
apt-get update
apt-get install sudo git cmake autoconf gcc g++ libtool python3 python3-dev python3-distutils iproute2 libssl-dev
Expand Down
1 change: 1 addition & 0 deletions docs/index.rst
Original file line number Diff line number Diff line change
Expand Up @@ -52,6 +52,7 @@ P4 Control Plane User Guide

guides/security/security-guide
guides/security/using-tls-certificates
guides/security/openssl-guide

.. toctree::
:maxdepth: 1
Expand Down

0 comments on commit 72cfb2f

Please sign in to comment.