Results 1 to 4 of 4

Thread: openssl 1.0.0 vs 1.1.1

Hybrid View

  1. #1
    Join Date
    Mar 2012
    Location
    West of Detroit
    Posts
    81

    openssl 1.0.0 vs 1.1.1

    Hey,

    The release notes make it sound like you can put both the libs from 1.0.0 and 1.1.1 on the same box and that the system tools are compiled against 1.0.0.
    When I try to installed 1.1.1 yast says there is a conflict and asks if it should remove 1.0.0 libs? If I install 1.1.1 and remove the 1.0.0 libs is that going to
    prevent things compiled against 1.0.0 from working? I would think so... so I'm trying to figure out how you are supposed to use the 1.1.1 libs?
    Any clarifications or suggestions are welcome

    Thanks,
    Matt

  2. #2

    Re: openssl 1.0.0 vs 1.1.1

    It may help if you can provide a link to the docs you are reading. I know
    with SLES 11 there was a new Security Module added providing newer OpenSSL
    support way back then, which was able to be installed concurrently so only
    the things you needed would use it. I also know that with SLES 12 and/or
    15 there is a legacy module which has some older things, so maybe that,
    too, can be installed concurrently. Still, I have not tried the latter on
    SLES 15, and maybe it requires certain steps, so seeing the docs would
    maybe help us help you.

    --
    Good luck.

    If you find this post helpful and are logged into the web interface,
    show your appreciation and click on the star below.

    If you want to send me a private message, please let me know in the
    forum as I do not use the web interface often.

  3. #3
    Join Date
    Mar 2012
    Location
    West of Detroit
    Posts
    81

    Re: openssl 1.0.0 vs 1.1.1

    From :: https://www.suse.com/releasenotes/x8...E-SLES/12-SP4/

    4.2.2 Support for TLS 1.3 in OpenSSL 1.1.1 REPORT BUG#
    TLS 1.3 is a new version of the Transport Layer Security protocol with some major differences and improvements over the established TLS 1.2. This new protocol version is only available in OpenSSL 1.1.1 or later. This new version is not binary-compatible with the default version of OpenSSL in SLE 12 SP4 (OpenSSL 1.0), and has known differences in the API that require making adjustments before applications can benefit from the changes.

    OpenSSL 1.1.1 with support for TLSv1.3 is shipped as an option. In SLE 12 SP4, the libraries can be loaded into the same binary image along with OpenSSL 1.0 with symbol versioning enabled. To take advantage of this new protocol option, applications need to be built with OpenSSL 1.1.1 explicitly.

    OpenSSL 1.0 remains the default for system libraries, services and tools.

    Thanks,
    Matt



    Quote Originally Posted by ab View Post
    It may help if you can provide a link to the docs you are reading. I know
    with SLES 11 there was a new Security Module added providing newer OpenSSL
    support way back then, which was able to be installed concurrently so only
    the things you needed would use it. I also know that with SLES 12 and/or
    15 there is a legacy module which has some older things, so maybe that,
    too, can be installed concurrently. Still, I have not tried the latter on
    SLES 15, and maybe it requires certain steps, so seeing the docs would
    maybe help us help you.

    --
    Good luck.

    If you find this post helpful and are logged into the web interface,
    show your appreciation and click on the star below.

    If you want to send me a private message, please let me know in the
    forum as I do not use the web interface often.

  4. #4
    Join Date
    Mar 2012
    Location
    West of Detroit
    Posts
    81

    Re: openssl 1.0.0 vs 1.1.1

    Okay, VM snapshotted on my boxes.

    Installed openssl 1.1.1 and devel packages
    It removed the 1.1.0 devel packages

    System still works
    recompiling apache picked up 1.1.1 and tls1.3
    so this appears to be easier than I expected.

    Matt

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •