[openssl-project] The problem of (implicit) relinking and changed behaviour

Viktor Dukhovni openssl-users at dukhovni.org
Sun Apr 15 16:18:48 UTC 2018

> On Apr 15, 2018, at 2:24 AM, Bernd Edlinger <bernd.edlinger at hotmail.de> wrote:
> One possible example of application failure that I am aware of is #5743:
> A certificate that is incompatible with TLS1.3 but works with TLS1.2.
> Admittedly that I did come up with that scenario only because I saw
> a possible issue per code inspection.

[ Repeating in part my response to Richar's mesage also in this thread ]

This is a bug that needs to be fixed, the point format for TLS does not
have any provenance over X.509.  There's no such thing as a certificate
not compatible with TLS 1.3 (that is compatible with TLS 1.2).


More information about the openssl-project mailing list