[openssl-users] Migrating to openssl 1.1.1 in real life linux server
Dennis Clarke
dclarke at blastwave.org
Tue Sep 11 18:28:12 UTC 2018
>
>> It sounds like a downstream ELF header nightmare.
>
> Actually, it works just fine. You link with the variant library,
> and it happily coexists with any dependencies you may have that in
> turn depend on the system TLS library. The variant SONAME and
> symbol versions provide all the requisite isolation. You only
> pay the cost of customization for the handful of packages you
> want to have running against the non-default libraries.
>
Mildly interesting in giving it a try. However I have 1.1.1 running and
tested fine on Solaris 10 sparc without any interferance from the system
provided ( ORacle? ) ssl bits. However I do have RUNPATH and RPATH set
to /usr/local/lib for everything I have built.
> Otherwise, you have to be sure to recompile the world ...
Right. Recompile the "world" isn't what it once was and a decently fast
system gets that done overnight.
In any case https://www.tls13.net/ is running just fine and a whole
slew of browsers ( and curl ) have hit it. Nothing from the Opera folks
however. Makes me wonder about lynx/links text browsers too.
Dennis
More information about the openssl-users
mailing list