On 15/04/16 10:33, Thirumal, Karthikeyan wrote: > Yes Matt - I agree that it is a very old / low version that we are > using. We faced few memory issues with the 0.9.8zc - so we backed out > and lived with 9.8a. In addition we are also planning to terminate > SSL at F5 rather than our Server - so we did not really care about > the lower version. > > Am still unclear what is the patch that MS released on April 12 that > is affecting the SSL communication ?
No idea - that's probably more a question for MS. > > Some more info - My F5 version in test region uses 0.9.8e version > and connectivity is working fine. Can you clarify the SSL related > differences between 8a and 8e ? The Change log summarises the major differences. See: https://github.com/openssl/openssl/blob/OpenSSL_0_9_8-stable/CHANGES#L1254 Matt > > Thanks & Regards ________________________ Karthikeyan Thirumal > > -----Original Message----- From: openssl-dev > [mailto:[email protected]] On Behalf Of Matt Caswell > Sent: Friday, April 15, 2016 2:05 PM To: [email protected] > Subject: Re: [openssl-dev] Windows Patch affecting connectivity to > our applications > > > > On 15/04/16 09:15, Thirumal, Karthikeyan wrote: >> Dear Dev folks, >> >> My clients are facing are connectivity issues after windows >> released their OS upgrade this week. I think they have changed the >> way the SSL handshake happens. >> >> My Server is using openssl-0.9.8a and my client sits on a Microsoft >> platform. >> >> >> >> From OpenSSL - do we have a recommendation to overcome this >> connectivity issue that started after the Microsoft patch ? Please >> confirm. > > We have not had other reports of this issue, so I have no specific > recommendation. However openssl-0.9.8a is a *very* old version of > OpenSSL (released October 2005). The 0.9.8 series is out of support > and is no longer receiving security bug fixes. Your server is almost > certainly vulnerable to significant security defects. You should > upgrade to a supported version as soon as possible. As we have not > had other reports of this problem this is likely to solve your > Microsoft issue too. > > Matt > > > >> >> >> >> >> >> Thanks & Regards ________________________ Karthikeyan Thirumal >> >> >> >> >> ****************************************************** This message >> and any files or attachments sent with this message contain >> confidential information and is intended only for the individual >> named. If you are not the named addressee, you should not >> disseminate, distribute, copy or use any part of this email. If you >> have received this message in error, please delete it and all >> copies from your system and notify the sender immediately by return >> Email. >> >> Email transmission cannot be guaranteed to be secure or error-free >> as information can be intercepted, corrupted, lost, destroyed, >> late, incomplete or may contain viruses. The sender, therefore, >> does not accept liability for any errors or omissions in the >> contents of this message, which arise as a result of email >> transmission. >> ****************************************************** >> >> > -- openssl-dev mailing list To unsubscribe: > https://mta.openssl.org/mailman/listinfo/openssl-dev > > ****************************************************** This message > and any files or attachments sent with this message contain > confidential information and is intended only for the individual > named. If you are not the named addressee, you should not > disseminate, distribute, copy or use any part of this email. If you > have received this message in error, please delete it and all copies > from your system and notify the sender immediately by return Email. > > Email transmission cannot be guaranteed to be secure or error-free as > information can be intercepted, corrupted, lost, destroyed, late, > incomplete or may contain viruses. The sender, therefore, does not > accept liability for any errors or omissions in the contents of this > message, which arise as a result of email transmission. > ****************************************************** > -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
