[openssl-dev] Windows Patch affecting connectivity to our applications

Thirumal, Karthikeyan KThirumal at inautix.co.in
Fri Apr 15 09:33:48 UTC 2016 

Yes Matt - I agree that it is a very old / low version that we are using. We faced few memory issues with the 0.9.8zc - so we backed out and lived with 9.8a.
In addition we are also planning to terminate SSL at F5 rather than our Server - so we did not really care about the lower version.

Am still unclear what is the patch that MS released on April 12 that is affecting the SSL communication ? 

Some more info -  My F5 version in test region uses 0.9.8e version and connectivity is working fine. Can you clarify the SSL related differences between 8a and 8e ?

Thanks & Regards
________________________
Karthikeyan Thirumal

-----Original Message-----
From: openssl-dev [mailto:openssl-dev-bounces at openssl.org] On Behalf Of Matt Caswell
Sent: Friday, April 15, 2016 2:05 PM
To: openssl-dev at openssl.org
Subject: Re: [openssl-dev] Windows Patch affecting connectivity to our applications



On 15/04/16 09:15, Thirumal, Karthikeyan wrote:
> Dear Dev folks,
> 
> My clients are facing are connectivity issues after windows released 
> their OS upgrade this week. I think they have changed the way the SSL 
> handshake happens.
> 
> My Server is using openssl-0.9.8a and my client sits on a Microsoft 
> platform.
> 
>  
> 
> From OpenSSL - do we have a recommendation to overcome this 
> connectivity issue that started after the Microsoft patch ? Please confirm.

We have not had other reports of this issue, so I have no specific recommendation. However openssl-0.9.8a is a *very* old version of OpenSSL (released October 2005). The 0.9.8 series is out of support and is no longer receiving security bug fixes. Your server is almost certainly vulnerable to significant security defects. You should upgrade to a supported version as soon as possible. As we have not had other reports of this problem this is likely to solve your Microsoft issue too.

Matt



> 
>  
> 
>  
> 
> Thanks & Regards
> ________________________
> Karthikeyan Thirumal
> 
>  
> 
> 
> ******************************************************
> This message and any files or attachments sent with this message 
> contain confidential information and is intended only for the individual named.
> If you are not the named addressee, you should not disseminate, 
> distribute, copy or use any part of this email. If you have received 
> this message in error, please delete it and all copies from your 
> system and notify the sender immediately by return Email.
> 
> Email transmission cannot be guaranteed to be secure or error-free as 
> information can be intercepted, corrupted, lost, destroyed, late, 
> incomplete or may contain viruses. The sender, therefore, does not 
> accept liability for any errors or omissions in the contents of this 
> message, which arise as a result of email transmission.
> ******************************************************
> 
> 
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

******************************************************
This message and any files or attachments sent with this message contain confidential information and is intended only for the individual named.  If you are not the named addressee, you should not disseminate, distribute, copy or use any part of this email.  If you have received this message in error, please delete it and all copies from your system and notify the sender immediately by return Email.

Email transmission cannot be guaranteed to be secure or error-free as information can be intercepted, corrupted, lost, destroyed, late, incomplete or may contain viruses.  The sender, therefore, does not accept liability for any errors or omissions in the contents of this message, which arise as a result of email transmission.
******************************************************

More information about the openssl-dev mailing list