[openssl-dev] Windows Patch affecting connectivity to our applications

[Matt Caswell]

On 15/04/16 09:15, Thirumal, Karthikeyan wrote:
> Dear Dev folks,
> 
> My clients are facing are connectivity issues after windows released
> their OS upgrade this week. I think they have changed the way the SSL
> handshake happens.
> 
> My Server is using openssl-0.9.8a and my client sits on a Microsoft
> platform.
> 
>  
> 
> From OpenSSL – do we have a recommendation to overcome this connectivity
> issue that started after the Microsoft patch ? Please confirm.

We have not had other reports of this issue, so I have no specific
recommendation. However openssl-0.9.8a is a *very* old version of
OpenSSL (released October 2005). The 0.9.8 series is out of support and
is no longer receiving security bug fixes. Your server is almost
certainly vulnerable to significant security defects. You should upgrade
to a supported version as soon as possible. As we have not had other
reports of this problem this is likely to solve your Microsoft issue too.

Matt



> 
>  
> 
>  
> 
> Thanks & Regards
> ________________________
> Karthikeyan Thirumal
> 
>  
> 
> 
> ******************************************************
> This message and any files or attachments sent with this message contain
> confidential information and is intended only for the individual named.
> If you are not the named addressee, you should not disseminate,
> distribute, copy or use any part of this email. If you have received
> this message in error, please delete it and all copies from your system
> and notify the sender immediately by return Email.
> 
> Email transmission cannot be guaranteed to be secure or error-free as
> information can be intercepted, corrupted, lost, destroyed, late,
> incomplete or may contain viruses. The sender, therefore, does not
> accept liability for any errors or omissions in the contents of this
> message, which arise as a result of email transmission.
> ******************************************************
> 
>