On 18/08/2020 05:10, Jakob Bohm via openssl-users wrote: > The key thing to do is to make those client applications not request the > ssl23-method from OpenSSL 0.9.x . > ssl23 explicitly requests this backward-compatibility feature while > OpenSSL 3.x.x apparently deleted the > ability to respond to this "historic" TLS hello format, which is also > sent by some not-that-old web browsers. This capability has not been deleted from OpenSSL 3.0. It is still able to respond to SSLv2 format ClientHellos. Although testing that does reveal a bug (which may actually be the same one as reported by John Baldwin in the thread "Testing TLS 1.0 with OpenSSL master"). Matt > > > On 05/08/2020 22:19, Skip Carter wrote: >> Patrick, >> >> I am also supporting servers running very old Linux systems and I can >> tell you that YES you can upgrade from source. I have built >> openssl-1.1.1 from source on such systems with no problems. >> >> On Wed, 2020-08-05 at 21:49 +0200, Patrick Mooc wrote: >>> Hello, >>> >>> I'm using an old version of OpenSSL (0.9.8g) on an old Linux Debian >>> distribution (Lenny). >>> >>> Is it possible to upgrade OpenSSL version without upgrading Linux >>> Debian >>> distribution ? >>> If yes, up to which version of OpenSSL ? >>> >>> Are all versions of OpenSSL compliant with all Linux Debian >>> distribution ? >>> >>> >>> Thank you in advance for your answer. >>> >>> Best Regards, >>> > > > Enjoy > > Jakob
