[openssl-users] Migrating to openssl 1.1.1 in real life linux server

Dennis Clarke dclarke at blastwave.org
Tue Sep 11 18:28:12 UTC 2018

>> It sounds like a downstream ELF header nightmare.
> Actually, it works just fine.  You link with the variant library,
> and it happily coexists with any dependencies you may have that in
> turn depend on the system TLS library.  The variant SONAME and
> symbol versions provide all the requisite isolation.  You only
> pay the cost of customization for the handful of packages you
> want to have running against the non-default libraries.

Mildly interesting in giving it a try.  However I have 1.1.1 running and
tested fine on Solaris 10 sparc without any interferance from the system
provided ( ORacle? ) ssl bits. However I do have RUNPATH and RPATH set
to /usr/local/lib for everything I have built.

> Otherwise, you have to be sure to recompile the world ...

Right.  Recompile the "world" isn't what it once was and a decently fast
system gets that done overnight.

In any case  https://www.tls13.net/  is running just fine and a whole
slew of browsers ( and curl ) have hit it.  Nothing from the Opera folks
however. Makes me wonder about lynx/links text browsers too.


More information about the openssl-users mailing list