[openssl-users] openssl shared libs

Salz, Rich rsalz at akamai.com
Thu Jun 23 12:14:09 UTC 2016


> Now my company is (T) and we don't want to leak (V)'s session key.
> You may assume that our binary is protected state of the art agains debugger attacks and stuff.
> So the only question is if the shared openssl library makes the tool more vulnerable?

You cannot prevent someone from changing what the software that runs on their computer. You can only make it harder. 
Shared libraries are easier for a user to replace; static libraries are harder.



More information about the openssl-users mailing list