[openssl-dev] Windows Patch affecting connectivity to our applications

Fri Apr 15 13:43:46 UTC 2016

Matt,
Can you tell me if we can enable SSL in fragments with openssl-0.9.8a ? So that the version of Openssl that I have can handle this seamlessly.

Just confirmed with MS that they have started to send SSL data in fragments.

Thanks & Regards
________________________
Karthikeyan Thirumal
ADD-Web-NXP-India, Application Development Delivery
iNautix Technologies India Pvt. Ltd., A BNY Mellon Company.
Extn (Internal): 612-10650
Direct Line: (+1) 615-381-0650
Email: kthirumal at inautix.co.in

Information Classification: Internal Use Only

-----Original Message-----
From: openssl-dev [mailto:openssl-dev-bounces at openssl.org] On Behalf Of Matt Caswell
Sent: Friday, April 15, 2016 3:17 PM
To: openssl-dev at openssl.org
Subject: Re: [openssl-dev] Windows Patch affecting connectivity to our applications

On 15/04/16 10:33, Thirumal, Karthikeyan wrote:
> Yes Matt - I agree that it is a very old / low version that we are 
> using. We faced few memory issues with the 0.9.8zc - so we backed out 
> and lived with 9.8a. In addition we are also planning to terminate SSL 
> at F5 rather than our Server - so we did not really care about the 
> lower version.
> 
> Am still unclear what is the patch that MS released on April 12 that 
> is affecting the SSL communication ?

No idea - that's probably more a question for MS.

> 
> Some more info -  My F5 version in test region uses 0.9.8e version and 
> connectivity is working fine. Can you clarify the SSL related 
> differences between 8a and 8e ?

The Change log summarises the major differences. See:

https://github.com/openssl/openssl/blob/OpenSSL_0_9_8-stable/CHANGES#L1254

Matt

> 
> Thanks & Regards ________________________ Karthikeyan Thirumal
> 
> -----Original Message----- From: openssl-dev 
> [mailto:openssl-dev-bounces at openssl.org] On Behalf Of Matt Caswell
> Sent: Friday, April 15, 2016 2:05 PM To: openssl-dev at openssl.org
> Subject: Re: [openssl-dev] Windows Patch affecting connectivity to our 
> applications
> 
> 
> 
> On 15/04/16 09:15, Thirumal, Karthikeyan wrote:
>> Dear Dev folks,
>> 
>> My clients are facing are connectivity issues after windows released 
>> their OS upgrade this week. I think they have changed the way the SSL 
>> handshake happens.
>> 
>> My Server is using openssl-0.9.8a and my client sits on a Microsoft  
>> platform.
>> 
>> 
>> 
>> From OpenSSL - do we have a recommendation to overcome this 
>> connectivity issue that started after the Microsoft patch ? Please 
>> confirm.
> 
> We have not had other reports of this issue, so I have no specific 
> recommendation. However openssl-0.9.8a is a *very* old version of 
> OpenSSL (released October 2005). The 0.9.8 series is out of support 
> and is no longer receiving security bug fixes. Your server is almost 
> certainly vulnerable to significant security defects. You should 
> upgrade to a supported version as soon as possible. As we have not had 
> other reports of this problem this is likely to solve your Microsoft 
> issue too.
> 
> Matt
> 
> 
> 
>> 
>> 
>> 
>> 
>> 
>> Thanks & Regards ________________________ Karthikeyan Thirumal
>> 
>> 
>> 
>> 
>> ****************************************************** This message 
>> and any files or attachments sent with this message contain 
>> confidential information and is intended only for the individual 
>> named. If you are not the named addressee, you should not 
>> disseminate, distribute, copy or use any part of this email. If you 
>> have received this message in error, please delete it and all copies 
>> from your system and notify the sender immediately by return Email.
>> 
>> Email transmission cannot be guaranteed to be secure or error-free as 
>> information can be intercepted, corrupted, lost, destroyed, late, 
>> incomplete or may contain viruses. The sender, therefore, does not 
>> accept liability for any errors or omissions in the contents of this 
>> message, which arise as a result of email transmission.
>> ******************************************************
>> 
>> 
> -- openssl-dev mailing list To unsubscribe:
> https://mta.openssl.org/mailman/listinfo/openssl-dev
> 
> ****************************************************** This message 
> and any files or attachments sent with this message contain 
> confidential information and is intended only for the individual 
> named.  If you are not the named addressee, you should not 
> disseminate, distribute, copy or use any part of this email.  If you 
> have received this message in error, please delete it and all copies 
> from your system and notify the sender immediately by return Email.
> 
> Email transmission cannot be guaranteed to be secure or error-free as 
> information can be intercepted, corrupted, lost, destroyed, late, 
> incomplete or may contain viruses.  The sender, therefore, does not 
> accept liability for any errors or omissions in the contents of this 
> message, which arise as a result of email transmission.
> ******************************************************
> 
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

******************************************************
This message and any files or attachments sent with this message contain confidential information and is intended only for the individual named.  If you are not the named addressee, you should not disseminate, distribute, copy or use any part of this email.  If you have received this message in error, please delete it and all copies from your system and notify the sender immediately by return Email.

Email transmission cannot be guaranteed to be secure or error-free as information can be intercepted, corrupted, lost, destroyed, late, incomplete or may contain viruses.  The sender, therefore, does not accept liability for any errors or omissions in the contents of this message, which arise as a result of email transmission.
******************************************************