I received notification for updates Code: The following packages will be upgraded: php php-bcmath php-bz2 php-cgi php-common php-curl php-fpm php-gd php-imap php-json php-ldap php-mbstring php-mysql php-snmp php-soap php-xml php-zip The following packages will be DOWNGRADED: libssl-dev libssl1.1 openssl On checking Ondrej Sury noted this: Code: php-defaults (82) unstable; urgency=medium * The custom src:eek:penssl packages were introduced to upgrade the cryptographic functions for PHP, Apache2 and NGINX, but the situation have improved greatly since. Ubuntu 16.04 LTS will reach end-of-life in April 2021 and it was the last distribution using OpenSSL 1.0.2. Debian 9 Stretch LTS will reach end-of-life in June 2022 and it is using OpenSSL 1.1.0 (which just means TLS 1.3). * The php-common package now introduces custom apt_preferences configuration in /etc/apt/preferences.d/php-common.pref that should enforce downgrade of the src:eek:penssl packages to the OpenSSL version provided by the distribution. After this version of php-common is installed, the next manual apt-get dist-upgrade run will downgrade the OpenSSL version, but you are advised to check this manually if the downgrade has happened. -- Ondřej Surý <[email protected]> Thu, 04 Mar 2021 11:08:54 +0100 Should we downgrade them (libssl-dev libssl1.1 openssl)?
