Hi, On Tue, 17 Apr 2018 18:36:09 -0400 "Rob Marshall" <rob.marshall17@xxxxxxxxx> wrote: > The OS is SLES 10 SP3 and there are currently close to 80 binaries > that appear to use libssl.so.0.9.8. They are from a bunch of different > packages, so I would imagine that updating to anything more recent > than 0.9.8 would be a major hassle and possibly not even possible. > > I did find openssl-0.9.8zh.tar.gz which was last modified in 2015 > which is way better than 0.9.8a which hasn't been touched since 2005. > I'm trying to install 0.9.8zh now to see if that works. > > But I know someone is going to ask: Can you apply all of the newer > security fixes to 0.9.8zh? So I'll ask...can I? Of course you can. But all the patches will fail to apply automatically, at least because of the recent source code reformat. You'll have to do it by hand. The good news is that most of the security vulnerabilities wouldn't affect 0.9.8a. Many were introduced in the newer functionality, such as elliptic curves, DTLS or new asm implementations. Btw, SUSE is still maintaining SLE-10 (and backporting all the security fixes) for some customers. If you have access to the support channels, perhaps you can ask them. -- Vítězslav Čížek Emergency Update Team (EMU) "Whilst you sleep, we're probably saving the universe." -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
