Currently the newest version of OpenSSL shipped with any SLES release is 1.0.1x however, OpenSSL devs have encouraged customers to migrate to 1.0.2. One reason is that 1.0.2 supports ALPN. Why does this matter?
Well, on May 31st, Google will push out a Chrome update that will use ALPN to negotiate HTTP/2 connections instead of HTTP/1.x. If you’re thinking “who cares?” then just move along. But for those that rely of the optimizations of HTTP/2 in their applications, this will be a BIG deal. This is particularly going to affect people running multiple JeOS containers. Currently it appears that only Ubuntu 16.04LTS has migrated to OpenSSL 1.0.2x by including 1.0.2g. I’d rather poke myself in the eye than use Ubuntu in an Enterprise environment (or any environment for that matter) but this will be an issue for users, developers, and those of us trying to get customers to stay on or migrate to SLES over other vendor solutions.
IMO, SUSE needs to migrate all currently supported SLES releases to OpenSSL 1.0.2x and release the update before the end of the month.
BTW, I tried bringing this issue to SUSE’s attention on the Enterprise support line, but they basically gave me a “meh” and told me to send an e-mail or post here.