Thank you very much Kyle for your quick and clear answer.
The reason why I want to upgrade OpenSSL version, is that I encounter a
problem with 1 frame exchange between client and server.
This frame is the first packet sent from client to server (Client Hello
Packet) and the protocol used for this packet is SSLv2.
I don't understand why, because I force the use of TLSv1 (in ssl.conf
file as in application software), but only for this first exchange
packet, SSLv2 is used. All other packets are well using TLSv10 as
configured.
I have also searched for forcing the use of TLSv10 ciphers in OpenSSL
configuration and in application software, but I didn't succeed doing so.
That's why I had in idea of upgrading OpenSSL version to avoid the use
of SSLv2 protocol.
Thus, if you have any idea of how to solve my problem without upgrading
OpenSSL version or Linux distribution, It would be very nice.
Thank you in advance for your answer.
Best Regards,
Le 05/08/2020 à 22:10, Kyle Hamilton a écrit :
It is never recommended to upgrade you distribution's version of
OpenSSL with one you compile yourself. Doing so will often break all
software installed by the distribution that uses it.
If you need functionality from newer versions of OpenSSL, your options
are to upgrade your OS version, or to install a local copy of OpenSSL
and manually compile and link local copies of the applications that
need the newer functionality.
(Newer versions of OpenSSL do not maintain the same Application Binary
Interface (ABI), which means that binaries compiled against older
versions will not correctly operate or dynamically link against newer
libraries. Also, distributions such as Debian can modify the ABI in
such a way that nothing distributed directly by openssl.org
<http://openssl.org> can be compiled to meet it without source code
modification.)
-Kyle H
On Wed, Aug 5, 2020, 14:49 Patrick Mooc <patrick.m...@gmail.com
<mailto:patrick.m...@gmail.com>> wrote:
Hello,
I'm using an old version of OpenSSL (0.9.8g) on an old Linux Debian
distribution (Lenny).
Is it possible to upgrade OpenSSL version without upgrading Linux
Debian
distribution ?
If yes, up to which version of OpenSSL ?
Are all versions of OpenSSL compliant with all Linux Debian
distribution ?
Thank you in advance for your answer.
Best Regards,