Program works with older libssl, but not with newer

Viktor Dukhovni openssl-users at dukhovni.org
Tue Mar 31 09:58:00 UTC 2020


On Tue, Mar 31, 2020 at 11:27:27AM +0200, Christoph Pleger wrote:

> I have here a self-written server program and the corresponding self-written 
> client program. These run well together with libssl 1.1.0l, but with libssl 
> 1.1.1d, the same programs give errors SSL_ERROR_SYSCALL in SSL_read(), no 
> matter if I recompile the programs and then run them, or just replace libssl 
> with the newer version. 

OpenSSL 1.1.1 supports TLS 1.3, which OpenSSL 1.1.0 did not.

> So, I want to ask if there are any known incompabilities in the libssl 
> versions that require me to change the code of the programs, or if there is 
> any known bug in libssl1.1.1d that may cause the mentioned errors.

Use of TLS 1.3 changes the communication patterns of the TLS protocol in
some non-trivial ways, and, if your application were fragile, it might
have gotten by with TLS 1.2, but the latent bugs could show up with TLS
1.3.

You can test with TLS 1.3 disabled and see whether the makes a
difference.  If it does, you will then need to debug your program and
see where it fails with TLS 1.3.

There are other improvements and bug fixes, but no known fundamental
obstacles to running robustly implemented clients built for 1.1.0
against 1.1.1 libraries.

-- 
    Viktor.


More information about the openssl-users mailing list