[openssl-dev] Windows Patch affecting connectivity to our applications

Matt Caswell matt at openssl.org
Wed Apr 20 14:12:59 UTC 2016



On 20/04/16 15:03, Thirumal, Karthikeyan wrote:
> Thanks Rich.
> 
> We first attempted to move to openssl-0.9.8zc - but we faced memory issues and our process got dumped at SSL_free. So we backed out and moved back to 9.8a.
> 
> Can I go to the 0.9.8e version, and will the SSL fragment issue be fixed there?

I don't know what the cause of the fragments issue is. AFAICS fragments
should work just fine in 0.9.8. However, there are a large number of
bugs that were fixed between 0.9.8a and 0.9.8zc. As neither version is
in support any more you'd have to try it for yourself. But really Rich
is absolutely right...the correct answer here is upgrade to a supported
version (i.e. not a 0.9.8/1.0.0 based version) and fix the memory issues
you are experiencing. OpenSSL is a security product. With the version
that you are currently running you are effectively getting near zero
security benefit.

Matt

> 
> Thanks & Regards
> ________________________
> Karthikeyan Thirumal
> 
> -----Original Message-----
> From: openssl-dev [mailto:openssl-dev-bounces at openssl.org] On Behalf Of Salz, Rich
> Sent: Friday, April 15, 2016 10:26 PM
> To: openssl-dev at openssl.org
> Subject: Re: [openssl-dev] Windows Patch affecting connectivity to our applications
> 
>> Can you tell me if we can enable SSL in fragments with openssl-0.9.8a ? So
> 
> Upgrade.
> 
> Sorry, that's the only answer.
> 
> --  
> Senior Architect, Akamai Technologies
> IM: richsalz at jabber.at Twitter: RichSalz
> 

