Openssl 3.0 / Openssl 1.1 at the same time in the same process
Matt Caswell
matt at openssl.org
Fri Jun 30 13:35:55 UTC 2023
On 30/06/2023 13:59, Frank Gross wrote:
> Hi, my company will soon update our product to work with openssl 3.0,
> delivered within the product. It is basically one process that loads
> dynamically that openssl 3.0 lib to manage https communication. But the
> process can also load dynamically (via configuration) database client
> drivers installed on a computer. (Mainly to perform secure connection
> with the database engine). But those database drivers are linked with
> the openssl version of the system. That is mainly openssl version 1.1.
>
> We did some tests and both openssl libraries (v3.0 and v1.1) can be
> loaded at the same time in the same process, and seems to work without
> any issue.
>
> What is your opinion about loading 2 different versions of the openssl
> in one single process ? Is this something you recommend ? support ?
I've seen "bad things" happen with two different versions of OpenSSL
loaded at the same time. Usually I've seen it where statically linked
OpenSSL is used as well as a dynamically linked OpenSSL (as opposed to
two different dynamically linked versions of OpenSSL being loaded)
This is a very much "untested" configuration. I wouldn't recommend it.
>
> What is the strategy about migrating from openssl 1.1 to openssl 3.0 ?
>
See:
https://www.openssl.org/docs/man3.0/man7/migration_guide.html
Matt
> Thanks,
>
> Frank Gross
>
More information about the openssl-users
mailing list