Is there yet a clean way to upgrade to OpenSSL 1.1.1?

Bill Cole macportsusers-20171215 at
Thu Apr 18 21:05:10 UTC 2019

It's about time to get everything off the soon-to-be-EOL'd OpenSSL 1.0.2 
and onto 1.1.1, particularly with so-called 'security scanners' scolding 
for lack of TLSv1.3 support. I was happy to see the advent of openssl10 
and openssl11 ports which purport to simplify migration, but it's not 
clear to me how that is true...

I also see, which 
is a WIP but it looks like people are testing against it?

Anyway: I have a SnowLeopard machine doing utility server work (Postfix, 
Apache, Dovecot, BIND) which I'd like to update, but it is not clear to 
me how (or even whether) it is possible to build 1.1.1 and use it to 
build all the relevant dependents without taking down services for the 
extended period it will take to build the dependency chain between 
OpenSSL and each of them. On a 2006 1st-gen Core Duo, this is likely to 
be measured in hours of aggregate downtime.

Is there some approach that I'm not seeing to build against the new 
version while leaving services that use the old version (and spawn 
worker children while running) up and functional?

Bill Cole
bill at or billcole at
(AKA @grumpybozo and many * addresses)
Available For Hire:

More information about the macports-users mailing list