On Tue, Mar 31, 2020 at 11:27:27AM +0200, Christoph Pleger wrote: > I have here a self-written server program and the corresponding self-written > client program. These run well together with libssl 1.1.0l, but with libssl > 1.1.1d, the same programs give errors SSL_ERROR_SYSCALL in SSL_read(), no > matter if I recompile the programs and then run them, or just replace libssl > with the newer version. OpenSSL 1.1.1 supports TLS 1.3, which OpenSSL 1.1.0 did not. > So, I want to ask if there are any known incompabilities in the libssl > versions that require me to change the code of the programs, or if there is > any known bug in libssl1.1.1d that may cause the mentioned errors. Use of TLS 1.3 changes the communication patterns of the TLS protocol in some non-trivial ways, and, if your application were fragile, it might have gotten by with TLS 1.2, but the latent bugs could show up with TLS 1.3. You can test with TLS 1.3 disabled and see whether the makes a difference. If it does, you will then need to debug your program and see where it fails with TLS 1.3. There are other improvements and bug fixes, but no known fundamental obstacles to running robustly implemented clients built for 1.1.0 against 1.1.1 libraries. -- Viktor.