On Thu, Jul 08, 2021 at 09:58:15PM +0100, Tim Culhane wrote:

> We used to ship OpenSSL with our product but decided to decouple OpenSSL so
> that customers had the flexibility to run with whatever version of OpenSSL
> and could upgrade OpenSSL when they needed to rather than waiting for an
> update from us containing a new OpenSSL implementation.

That makes sense for customers on non-LTS (a.k.a. obsolete) platforms,
but if a customer is sticking with an ~10 year platform that you're
forced to support, then for *that* platform it may make sense to bundle
a version of OpenSSL that has the requisite modern features.

This can be done, and the OpenSSL build contains the necessary hooks to
do this (sorry I never wrote a detailed tutorial on how to do that, I
hope, if motivated, it should be possible to figure it out).

Of course the custom OpenSSL build would have to be built for the
platform in question (e.g. built on a sufficiently old RedHat 6.x
system).

--
Viktor.