Folks,

In the home-grown application I have, data is encrypted on Windows clients and decrypted on CentOS servers, all with OpenSSL, using a shared symmetric password.

My clients have been running OpenSSL versions 1.0.* with each new version being installed on Windows (using https://slproweb.com/download/Win64OpenSSL...) with no compatibility issues, EXCEPT when I switched from 1.0.2h to 1.1.0. My servers are running whichever is supported by CentOS systems -- currently 1.0.1e-fips.

My methods do the following, with my real values replaced by fixed values in this example:

On the client: Encrypt the value "abcde" with a password "123" with salt.
Windows command:

    echo abcde | openssl enc -salt -a -A -aes128 -pass pass:123

On the server: Decrypt the salted message with the password "123", and recover the value "1".
Linux command:

    echo (the output of the above) | openssl enc -d -salt -a -A -aes128 -pass pass:123

When the ENCRYPTING software is 1_0_2h and the decrypting software is 1_0_1e on Linux or 1_0_2h on Windows, the decryption successfully recovers the value "abcde".

When the encrypting software is 1_1_0 and the decrypting software is 1_0_1e on Linux or 1_0_2h on Windows, it fails with the message:

    bad decrypt
    139701985818440:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:evp_enc.c:596:

Or, in summary:

When both the encrypting and decrypting software are both 1_1_0, or both 1_0_2(e..h), the decryption succeeded. If the versions were different, it failed.

Is this a feature or a bug? Is there some setting I should have different?

Thanks in advance,
David
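Added example, not part of the message above and not OpenSSL's own code: OpenSSL 1.1.0 changed the default digest that `enc` uses to derive the key and IV from the password from MD5 to SHA-256, which matches the version split described in the message. The sketch reimplements that derivation (EVP_BytesToKey with a count of 1) for both digests; the salt and sample message are constructed and the function names are illustrative.

```python
import base64
import hashlib

MAGIC = b"Salted__"  # 8-byte header written by `openssl enc -salt`


def parse_salted(b64_text):
    """Split base64 `openssl enc -a` output into (salt, ciphertext)."""
    raw = base64.b64decode(b64_text)
    if len(raw) < 16 or raw[:8] != MAGIC:
        raise ValueError("not a salted openssl enc message")
    return raw[8:16], raw[16:]


def bytes_to_key(password, salt, digest, key_len=16, iv_len=16):
    """EVP_BytesToKey with count 1, the derivation `openssl enc` applies to
    -pass when no other KDF is selected (aes128: 16-byte key, 16-byte IV)."""
    material, block = b"", b""
    while len(material) < key_len + iv_len:
        # D_i = H(D_{i-1} || password || salt), with D_0 empty
        block = hashlib.new(digest, block + password + salt).digest()
        material += block
    return material[:key_len], material[key_len:key_len + iv_len]


def digests_disagree(b64_text, password):
    """True when MD5 and SHA-256 derive different key/IV pairs for a message."""
    salt, _ = parse_salted(b64_text)
    return bytes_to_key(password, salt, "md5") != bytes_to_key(password, salt, "sha256")


# Constructed sample: header + constructed salt + 16 placeholder ciphertext bytes.
SAMPLE = base64.b64encode(MAGIC + bytes(range(1, 9)) + b"\x00" * 16).decode()

if __name__ == "__main__":
    salt, _ = parse_salted(SAMPLE)
    for name in ("md5", "sha256"):
        key, iv = bytes_to_key(b"123", salt, name)
        # Different key and IV on each side means the final padding check
        # fails, which openssl reports as "bad decrypt".
        print(f"-md {name:7} key={key.hex()} iv={iv.hex()}")
```

Passing the same `-md` value (for example `-md md5` or `-md sha256`) to both the encrypting and the decrypting `openssl enc` command makes the two sides derive the same key regardless of each version's default.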