Re: [openssl-users] Query regarding upgrading TLS compatibility

2017-04-03 Thread Viktor Dukhovni
> On Apr 3, 2017, at 8:42 PM, Kyle Hamilton wrote: > > > In other words, it is very unlikely that TLS 1.3 can be implemented > in a binary-compatible manner. It is best if you plan to recompile > your application against the version of the library that implements > TLS

Re: [openssl-users] Query regarding upgrading TLS compatibility

2017-04-03 Thread Kyle Hamilton
Every new version of TLS requires code to be written. Sometimes it can be implemented in a binary compatible manner, and in those situations you can get the implementation of a new TLS version by simply replacing a DLL or equivalent dynamic library. However, it's much more likely that the

Re: [openssl-users] openssl-compat patch for OpenSSL 1.0.2 and below?

2017-04-03 Thread Jeffrey Walton
On Mon, Apr 3, 2017 at 5:49 PM, Benjamin Kaduk wrote: > On 04/02/2017 07:42 PM, Jeffrey Walton wrote: > > I was looking at Kurt Roeckx's patches for OpenSSH at > https://github.com/openssh/openssh-portable/pull/48/files. See > libcrypto-compat.h and libcrypto-compat.c. > > Are

Re: [openssl-users] Query regarding upgrading TLS compatibility

2017-04-03 Thread Viktor Dukhovni
> On Apr 3, 2017, at 5:58 PM, Benjamin Kaduk via openssl-users > wrote: > >> I have a query regarding TLS compatibility used in my application. >> Currently we are using TLS1.2 to connect to a third party server. Is there >> any way to always use the highest TLS

Re: [openssl-users] Query regarding upgrading TLS compatibility

2017-04-03 Thread Benjamin Kaduk via openssl-users
On 04/03/2017 04:42 AM, Hegde, Harsha wrote: > > Hi, > > I have a query regarding TLS compatibility used in my application. > Currently we are using TLS1.2 to connect to a third party server. Is > there any way to always use the highest TLS available version without > modifying or recompiling the

Re: [openssl-users] openssl-compat patch for OpenSSL 1.0.2 and below?

2017-04-03 Thread Benjamin Kaduk via openssl-users
On 04/02/2017 07:42 PM, Jeffrey Walton wrote: > I was looking at Kurt Roeckx's patches for OpenSSH at > https://github.com/openssh/openssh-portable/pull/48/files. See > libcrypto-compat.h and libcrypto-compat.c. > > Are the source files distributed by OpenSSL? If so, where is the download? > > If

Re: [openssl-users] verify depth behavior change from 1.0.2 to 1.1.0?

2017-04-03 Thread Viktor Dukhovni
> On Apr 3, 2017, at 4:26 PM, Benjamin Kaduk wrote: > > There was a fair amount of churn in x509_vfy.c with the inclusion > of the DANE stuff and whatnot, so it's not immediately clear to me > when this change actually happened. I think there are good > arguments for the

Re: [openssl-users] OpenSSL sending close_notify right after responding to a heartbeat request

2017-04-03 Thread R Kaja Mohideen
Still - I couldn't find the root-cause why OpenSSL is closing after responding. Any pointers about which area of codebase is causing this will be very helpful. Is there any commercial support available for OpenSSL? On Wed, Mar 29, 2017 at 6:47 AM, Kaja Mohideen wrote: > It

[openssl-users] Query regarding upgrading TLS compatibility

2017-04-03 Thread Hegde, Harsha
Hi, I have a query regarding TLS compatibility used in my application. Currently we are using TLS1.2 to connect to a third party server. Is there any way to always use the highest TLS available version without modifying or recompiling the application code whenever there is any new version of