Given that cfengine2 no longer get any upstream development, as far as I know, I guess the easiest and most sensible way to fix this is to build with libssl1.0-dev for now. If cfengine2 is still needed in Stretch+1 someone should consider to port the code to openssl 1.1.
Debian Edu still uses cfengine2, and would very much like to see it still available in Stretch. If this patch is applied, this BTS report should have its severity lowered to important or normal. diff -ur cfengine2-2.2.10/debian/control cfengine2-2.2.10-pere/debian/control --- cfengine2-2.2.10/debian/control 2016-08-21 08:24:15.000000000 +0000 +++ cfengine2-2.2.10-pere/debian/control 2016-12-07 22:14:28.911881217 +0000 @@ -3,7 +3,7 @@ Priority: optional Maintainer: Antonio Radici <anto...@debian.org> Build-Depends: debhelper (>= 7.0.50), autoconf, automake, autotools-dev, - bison, dh-autoreconf, flex, libdb-dev, libssl-dev, libtool, perl (>= 5), + bison, dh-autoreconf, flex, libdb-dev, libssl1.0-dev, libtool, perl (>= 5), po-debconf, texinfo, quilt, libselinux1-dev [linux-any] Standards-Version: 3.9.8 Homepage: http://www.cfengine.org/ -- Happy hacking Petter Reinholdtsen
