OpenSSL compliance with Linux distributions
Matt Caswell
matt at openssl.org
Tue Aug 18 10:11:40 UTC 2020
On 18/08/2020 05:10, Jakob Bohm via openssl-users wrote:
> The key thing to do is to make those client applications not request the
> ssl23-method from OpenSSL 0.9.x .
> ssl23 explicitly requests this backward-compatibility feature while
> OpenSSL 3.x.x apparently deleted the
> ability to respond to this "historic" TLS hello format, which is also
> sent by some not-that-old web browsers.
This capability has not been deleted from OpenSSL 3.0. It is still able
to respond to SSLv2 format ClientHellos. Although testing that does
reveal a bug (which may actually be the same one as reported by John
Baldwin in the thread "Testing TLS 1.0 with OpenSSL master").
Matt
>
>
> On 05/08/2020 22:19, Skip Carter wrote:
>> Patrick,
>>
>> I am also supporting servers running very old Linux systems and I can
>> tell you that YES you can upgrade from source. I have built
>> openssl-1.1.1 from source on such systems with no problems.
>>
>> On Wed, 2020-08-05 at 21:49 +0200, Patrick Mooc wrote:
>>> Hello,
>>>
>>> I'm using an old version of OpenSSL (0.9.8g) on an old Linux Debian
>>> distribution (Lenny).
>>>
>>> Is it possible to upgrade OpenSSL version without upgrading Linux
>>> Debian
>>> distribution ?
>>> If yes, up to which version of OpenSSL ?
>>>
>>> Are all versions of OpenSSL compliant with all Linux Debian
>>> distribution ?
>>>
>>>
>>> Thank you in advance for your answer.
>>>
>>> Best Regards,
>>>
>
>
> Enjoy
>
> Jakob
More information about the openssl-users
mailing list