Well the product in question is pretty legacy so I don't think we will be
investing time on that sort of implementation.
I understand the customer can use a build of OpenSSL 1.1.1 built for RedHat
6.6 and that should work.
Its possible they have used an installation built on a newer RedHat version.
I need to find that out first.
Tim
-----Original Message-----
From: openssl-users <openssl-users-bounces@xxxxxxxxxxx> On Behalf Of Viktor
Dukhovni
Sent: Thursday 8 July 2021 22:04
To: openssl-users@xxxxxxxxxxx
Subject: Re: installing OpenSSL 1.1.1 on RedHat 6.x
On Thu, Jul 08, 2021 at 09:58:15PM +0100, Tim Culhane wrote:
> We used to ship OpenSSL with our product but decided to decouple
> OpenSSL so that customers had the flexibility to run with whatever
> versionof OpenSSL and could upgrade OpenSSL when they needed to rather
> than waiting for an update from us containing a new OpenSSL
implementation.
That makes sense for customers on non-LTS (a.k.a. obsolete) platforms, but
if a customer is sticking with an ~10 year platform that you're forced to
support, then for *that* platform it may make sense to bundle a version of
OpenSSL that has the requisite modern features.
This can be done, and the OpenSSL build contains the necessary hooks to do
this (sorry I never wrote a detailed tutorial on how to do that, I hope, if
motivated, it should be possible to figure it out).
Of course the custom OpenSSL build would have to be built for the platform
in question (e.g. built on a sufficiently old RedHat 6.x system).
--
VIktor.
