Hi Dr. Henson,

Thank you for your prompt reply! I'll pass this information over to management.

- Jorge

-----Original Message-----
From: Stephen Henson via RT [mailto:[email protected]]
Sent: Thursday, January 23, 2014 8:02 AM
To: Torres, Jorge
Cc: [email protected]
Subject: [openssl.org #3242] Patch Request for OpenSSL 0.9.8

On Thu Jan 23 09:32:12 2014, [email protected] wrote:
> Hello,
>
> My name is Jorge Torres and I'm a software engineer at EMC Corp. I
> work with two EMC products which utilize OpenSSL version 0.9.8 (on
> Windows x86 and x64, Solaris, HP, AIX and Linux), and I am writing
> this email in regards to the advisory described in the following
> link:
> http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=ca989269a2876bae79393bd54c3e72d49975fc75
>
> Essentially, we need OpenSSL version 1.0.2 in order to resolve a
> security vulnerability. However, upgrading to OpenSSL 1.0.2 would
> require a significant amount of effort from our end. Are there any
> patches for OpenSSL 0.9.8 that would address this issue?
> I did review a list of commit diffs listed in this link:
> http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=0294b2be5f
> 4c11 However, I cannot apply those diffs to the 0.9.8 version of the
> .c files. It looks like 0.9.8 is too old.
>
> I appreciate any help you can provide.
>

That only affects versions of OpenSSL which support TLS 1.2. Currently only the
1.0.1 releases support TLS 1.2. So OpenSSL 0.9.8 is not affected by that issue
so there is no need to patch it.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [email protected]
Automated List Manager                           [email protected]
