OpenSSL Beta 2, report of successful migration

Angus Robertson - Magenta Systems Ltd angus at magsys.co.uk
Mon Aug 2 10:43:00 UTC 2021


> Just wanted to report that our private code update to move on 
> from OpenSSL 1.1.1 to 3.0 Beta 2 is successful.

Likewise, I've updated our Windows code to use 3.0 easily, been running
one public web server for three weeks.

Only frustration has been the change of PKCS12 password encryption to
AES256 from 3DES, since Microsoft only added AES256 support in October
2017 and older versions of Windows can only install PKCS12 3DES
encrypted files, which requires the OpenSSL 3.0 legacy provider to be
loaded.  

I believe the earliest versions of Windows to support AES256 are
Windows Server 2016 v1709 and Windows 10 v1709. 

Also the legacy.dll does not load automatically from the same path as
the main DLLs, but needs OSSL_PROVIDER_set_default_search_path to be
set first.

Not looked at replacing low level RSA and EC APIs yet.  

Angus







More information about the openssl-users mailing list