[openssl-dev] Windows Patch affecting connectivity to our applications

Matt Caswell matt at openssl.org
Fri Apr 15 09:47:19 UTC 2016 


On 15/04/16 10:33, Thirumal, Karthikeyan wrote:
> Yes Matt - I agree that it is a very old / low version that we are
> using. We faced few memory issues with the 0.9.8zc - so we backed out
> and lived with 9.8a. In addition we are also planning to terminate
> SSL at F5 rather than our Server - so we did not really care about
> the lower version.
> 
> Am still unclear what is the patch that MS released on April 12 that
> is affecting the SSL communication ?

No idea - that's probably more a question for MS.

> 
> Some more info -  My F5 version in test region uses 0.9.8e version
> and connectivity is working fine. Can you clarify the SSL related
> differences between 8a and 8e ?

The Change log summarises the major differences. See:

https://github.com/openssl/openssl/blob/OpenSSL_0_9_8-stable/CHANGES#L1254

Matt


> 
> Thanks & Regards ________________________ Karthikeyan Thirumal
> 
> -----Original Message----- From: openssl-dev
> [mailto:openssl-dev-bounces at openssl.org] On Behalf Of Matt Caswell 
> Sent: Friday, April 15, 2016 2:05 PM To: openssl-dev at openssl.org 
> Subject: Re: [openssl-dev] Windows Patch affecting connectivity to
> our applications
> 
> 
> 
> On 15/04/16 09:15, Thirumal, Karthikeyan wrote:
>> Dear Dev folks,
>> 
>> My clients are facing are connectivity issues after windows
>> released their OS upgrade this week. I think they have changed the
>> way the SSL handshake happens.
>> 
>> My Server is using openssl-0.9.8a and my client sits on a Microsoft
>>  platform.
>> 
>> 
>> 
>> From OpenSSL - do we have a recommendation to overcome this 
>> connectivity issue that started after the Microsoft patch ? Please
>> confirm.
> 
> We have not had other reports of this issue, so I have no specific
> recommendation. However openssl-0.9.8a is a *very* old version of
> OpenSSL (released October 2005). The 0.9.8 series is out of support
> and is no longer receiving security bug fixes. Your server is almost
> certainly vulnerable to significant security defects. You should
> upgrade to a supported version as soon as possible. As we have not
> had other reports of this problem this is likely to solve your
> Microsoft issue too.
> 
> Matt
> 
> 
> 
>> 
>> 
>> 
>> 
>> 
>> Thanks & Regards ________________________ Karthikeyan Thirumal
>> 
>> 
>> 
>> 
>> ****************************************************** This message
>> and any files or attachments sent with this message contain
>> confidential information and is intended only for the individual
>> named. If you are not the named addressee, you should not
>> disseminate, distribute, copy or use any part of this email. If you
>> have received this message in error, please delete it and all
>> copies from your system and notify the sender immediately by return
>> Email.
>> 
>> Email transmission cannot be guaranteed to be secure or error-free
>> as information can be intercepted, corrupted, lost, destroyed,
>> late, incomplete or may contain viruses. The sender, therefore,
>> does not accept liability for any errors or omissions in the
>> contents of this message, which arise as a result of email
>> transmission. 
>> ******************************************************
>> 
>> 
> -- openssl-dev mailing list To unsubscribe:
> https://mta.openssl.org/mailman/listinfo/openssl-dev
> 
> ****************************************************** This message
> and any files or attachments sent with this message contain
> confidential information and is intended only for the individual
> named.  If you are not the named addressee, you should not
> disseminate, distribute, copy or use any part of this email.  If you
> have received this message in error, please delete it and all copies
> from your system and notify the sender immediately by return Email.
> 
> Email transmission cannot be guaranteed to be secure or error-free as
> information can be intercepted, corrupted, lost, destroyed, late,
> incomplete or may contain viruses.  The sender, therefore, does not
> accept liability for any errors or omissions in the contents of this
> message, which arise as a result of email transmission. 
> ******************************************************
>

More information about the openssl-dev mailing list