On 16/07/18 15:32, Dean Warren wrote: > Another good question. > > I believe from the information I have been provided that 0.9.8za fixes the issues previously described for 0.9.8h, on SLES 11 SP1 (apparently). > (Unless I am missing something here - highly possible?) 0.9.8za may fix some issues present in 0.9.8h but it won't fix all the issues that have been discovered and fixed in the 4 years since it was released. The 0.9.8 version has been out of support by the OpenSSL project for some years now. Individual vendors may continue to support it and backport fixes to it - so you are better off getting the latest version from your vendor rather than from the OpenSSL project. Note that sometimes vendors freeze the version number, even though they are continuing to fix security issues, i.e. just because you have 0.9.8h it doesn't mean it has all the same issues that 0.9.8h sourced directly from the OpenSSL project has. The vendor may have patched the issues but maintained the version number at 0.9.8h. I can't say anything much specifically about Suse policy, but I did find this: https://www.suse.com/lifecycle/ This suggests that SLES 11 is still in support until 31st March 2019 (although the current version is listed as SP4 - so you may need to upgrade to that). This page suggests that their policy is to continue to fix security issues during that support period: https://www.suse.com/support/policy/ So, it seems to me, that your best bet is to upgrade to SP4 and ensure all patches are kept up-to-date. Note though that after 31st March 2019 you are into Long Term Service Pack Support (which presumably you have to pay extra for). Matt > > Dean Warren > > -----Original Message----- > From: openssl-users <openssl-users-bounces@xxxxxxxxxxx> On Behalf Of Michael Wojcik > Sent: 16 July 2018 15:27 > To: openssl-users@xxxxxxxxxxx > Subject: Re: Deployment > >> From: openssl-users [mailto:openssl-users-bounces@xxxxxxxxxxx] On >> Behalf Of Dean Warren >> Sent: Monday, July 16, 2018 03:32 >> To: openssl-users@xxxxxxxxxxx >> Subject: Re: Deployment >> >> Yeah that does sounds scary. >> I will look into vendors options. > > Also - why 0.9.8za? That's *ancient*. This seems like a lot of work for a result of rather dubious value. What problem are you trying to solve? > > -- > Michael Wojcik > Distinguished Engineer, Micro Focus > > > -- > openssl-users mailing list > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users > > > > SCISYS UK Limited. Registered in England and Wales No. 4373530. > Registered Office: Methuen Park, Chippenham, Wiltshire SN14 0GB, UK. > > Before printing, please think about the environment. > -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
