On 30/06/2023 13:59, Frank Gross wrote:
> Hi, my company will soon update our product to work with openssl 3.0,
> delivered within the product. It is basically one process that loads
> dynamically that openssl 3.0 lib to manage https communication. But the
> process can also load dynamically (via configuration) database client
> drivers installed on a computer. (Mainly to perform secure connection
> with the database engine). But those database drivers are linked with
> the openssl version of the system. That is mainly openssl version 1.1.
> We did some tests and both openssl libraries (v3.0 and v1.1) can be
> loaded at the same time in the same process, and seem to work without
> any issue.
> What is your opinion about loading 2 different versions of the openssl
> in one single process? Is this something you recommend? support?

I've seen "bad things" happen with two different versions of OpenSSL
loaded at the same time. Usually I've seen it where statically linked
OpenSSL is used as well as a dynamically linked OpenSSL (as opposed to
two different dynamically linked versions of OpenSSL being loaded).

This is a very much "untested" configuration. I wouldn't recommend it.

> What is the strategy about migrating from openssl 1.1 to openssl 3.0?

See:
https://www.openssl.org/docs/man3.0/man7/migration_guide.html

Matt

> Thanks,
> Frank Gross
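One way to check whether a running process has ended up in the configuration discussed in this thread, as an added example that is not part of the original messages or of OpenSSL: it parses Linux `/proc/<pid>/maps` text and reports `libssl`/`libcrypto` mapped from more than one file. It assumes the usual `libcrypto.so.N` / `libssl.so.N` file naming; the sample paths are constructed, and the function names are hypothetical.

```python
import re
import sys

# Usual shared-object names, e.g. libcrypto.so.1.1 or libssl.so.3 (assumed naming).
LIB_RE = re.compile(r"(?:^|/)(lib(?:ssl|crypto))\.so\.([0-9][0-9A-Za-z.]*)$")

# Constructed sample of /proc/<pid>/maps content (paths are illustrative only).
SAMPLE_MAPS = """\
7f1a00000000-7f1a00200000 r-xp 00000000 08:01 1311 /opt/product/lib/libcrypto.so.3
7f1a00200000-7f1a00210000 rw-p 00200000 08:01 1311 /opt/product/lib/libcrypto.so.3
7f1a01000000-7f1a01080000 r-xp 00000000 08:01 1312 /opt/product/lib/libssl.so.3
7f1a02000000-7f1a02300000 r-xp 00000000 08:01 2201 /usr/lib/x86_64-linux-gnu/libcrypto.so.1.1
7f1a03000000-7f1a03100000 r-xp 00000000 08:01 2202 /usr/lib/x86_64-linux-gnu/libssl.so.1.1
7f1a04000000-7f1a04021000 rw-p 00000000 00:00 0
7ffd5e000000-7ffd5e021000 rw-p 00000000 00:00 0 [stack]
"""

def openssl_libs(maps_text):
    """Return {'libcrypto': {path: version}, 'libssl': {...}} from maps text."""
    found = {}
    for line in maps_text.splitlines():
        fields = line.split(None, 5)
        if len(fields) < 6:
            continue  # anonymous mapping, no backing file
        path = fields[5].strip()
        if path.endswith(" (deleted)"):  # file replaced on disk while mapped
            path = path[: -len(" (deleted)")]
        m = LIB_RE.search(path)
        if m:
            found.setdefault(m.group(1), {})[path] = m.group(2)
    return found

def mixed_copies(libs):
    """Names of libraries that are mapped from more than one file."""
    return sorted(name for name, paths in libs.items() if len(paths) > 1)

# Limitation: a statically linked OpenSSL inside another binary or driver
# has no libssl/libcrypto file of its own in the maps, so it is not seen here.

if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(f"/proc/{sys.argv[1]}/maps") as fh:
            text = fh.read()
    else:
        text = SAMPLE_MAPS
    libs = openssl_libs(text)
    for name in mixed_copies(libs):
        print(f"{name}: multiple copies mapped")
        for path, version in sorted(libs[name].items()):
            print(f"  {version:8} {path}")
```

Run with a PID as the only argument to inspect a live process; with no argument it analyses the constructed sample.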