[openssl-users] Deployment

Matt Caswell matt at openssl.org
Mon Jul 16 14:47:41 UTC 2018

On 16/07/18 15:32, Dean Warren wrote:
> Another good question.
> I believe from the information I have been provided that 0.9.8za fixes the issues previously described for 0.9.8h, on SLES 11 SP1 (apparently).
> (Unless I am missing something here - highly possible?)

0.9.8za may fix some issues present in 0.9.8h but it won't fix all the
issues that have been discovered and fixed in the 4 years since it was

The 0.9.8 version has been out of support by the OpenSSL project for
some years now. Individual vendors may continue to support it and
backport fixes to it - so you are better off getting the latest version
from your vendor rather than from the OpenSSL project. Note that
sometimes vendors freeze the version number, even though they are
continuing to fix security issues, i.e. just because you have 0.9.8h it
doesn't mean it has all the same issues that 0.9.8h sourced directly
from the OpenSSL project has. The vendor may have patched the issues but
maintained the version number at 0.9.8h.

I can't say anything much specifically about Suse policy, but I did find


This suggests that SLES 11 is still in support until 31st March 2019
(although the current version is listed as SP4 - so you may need to
upgrade to that). This page suggests that their policy is to continue to
fix security issues during that support period:


So, it seems to me, that your best bet is to upgrade to SP4 and ensure
all patches are kept up-to-date.

Note though that after 31st March 2019 you are into Long Term Service
Pack Support (which presumably you have to pay extra for).


> Dean Warren 
> -----Original Message-----
> From: openssl-users <openssl-users-bounces at openssl.org> On Behalf Of Michael Wojcik
> Sent: 16 July 2018 15:27
> To: openssl-users at openssl.org
> Subject: Re: [openssl-users] Deployment
>> From: openssl-users [mailto:openssl-users-bounces at openssl.org] On 
>> Behalf Of Dean Warren
>> Sent: Monday, July 16, 2018 03:32
>> To: openssl-users at openssl.org
>> Subject: Re: [openssl-users] Deployment
>> Yeah that does sounds scary.
>> I will look into vendors options.
> Also - why 0.9.8za? That's *ancient*. This seems like a lot of work for a result of rather dubious value. What problem are you trying to solve?
> --
> Michael Wojcik
> Distinguished Engineer, Micro Focus
> --
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
> SCISYS UK Limited. Registered in England and Wales No. 4373530.
> Registered Office: Methuen Park, Chippenham, Wiltshire SN14 0GB, UK.
> Before printing, please think about the environment.

More information about the openssl-users mailing list