Re: Program works with older libssl, but not with newer

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, Mar 31, 2020 at 11:27:27AM +0200, Christoph Pleger wrote:

> I have here a self-written server program and the corresponding self-written 
> client program. These run well together with libssl 1.1.0l, but with libssl 
> 1.1.1d, the same programs give errors SSL_ERROR_SYSCALL in SSL_read(), no 
> matter if I recompile the programs and then run them, or just replace libssl 
> with the newer version. 

OpenSSL 1.1.1 supports TLS 1.3, which OpenSSL 1.1.0 did not.

> So, I want to ask if there are any known incompabilities in the libssl 
> versions that require me to change the code of the programs, or if there is 
> any known bug in libssl1.1.1d that may cause the mentioned errors.

Use of TLS 1.3 changes the communication patterns of the TLS protocol in
some non-trivial ways, and, if your application were fragile, it might
have gotten by with TLS 1.2, but the latent bugs could show up with TLS
1.3.

You can test with TLS 1.3 disabled and see whether the makes a
difference.  If it does, you will then need to debug your program and
see where it fails with TLS 1.3.

There are other improvements and bug fixes, but no known fundamental
obstacles to running robustly implemented clients built for 1.1.0
against 1.1.1 libraries.

-- 
    Viktor.



[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux