Please update your openssl version


Post by scsijon »

The latest stable version, the 3.0 series (3.0.0), is now released at https://www.openssl.org/source/openssl-3.0.0.tar.gz. Also available is the 1.1.1 series at https://www.openssl.org/source/openssl-1.1.1l.tar.gz which is our Long Term Support (LTS) version, supported until 11th September 2023. All older versions (including 1.1.0, 1.0.2, 1.0.0 and 0.9.8) are now out of support and should not be used. Users of these older versions are encouraged to upgrade to 3.0 or 1.1.1 as soon as possible.

Last edited by Flash on Wed Sep 15, 2021 10:08 pm, edited 1 time in total.
Reason: Original title: openssl - update please

Re: Please update your openssl version

Post by April »

Why the disjointed release numbers?
OK, 0.9.8 -- 1.0.0 -- 1.0.2 -- 1.1.0 -- 1.2.0 etc., with 1.1.1 as an adjustment to 1.1.0, is fine.

So why jump to 3.0? Where is 2.0?
You'll support 1.1.1 and 3.0. Can't you guys just use normal sequence numbering without the confusing jump arounds?

The Australian State Governments have all enacted laws to steal your assets on your death. All legal paperwork is binned and all assets seized on one disgruntled child's complaint. Move them well before you die or go into a home.


Re: Please update your openssl version

Post by scsijon »

Don't blame me, I just pass this information on to my groups for a number of the important packages I work with;

The varying numbers are/were stable releases; there were other release numbers for testing and interim releases covering such things as urgent CVEs until confirmed fixes appeared, and each had its own release number. Odd numbers are usually test versions, as openssl follows the old Linux numbering format of odd for test/development and even for release;

As far as 2.x is concerned, it was mainly Windows related, as I was given to understand it, so it would not appear in our tree;

3.x.x is a new methodology, as I understand it, that should ease the current daily grinding burden on the maintainers.

Internally, openssl didn't jump, it's just that externally it can appear as a jump.

Remember we are not dealing with one certificate source site, there are a 'few' hundred individuals covering everything imaginable relating to security across the network as well as many software packages and systems having their own certificate sets.
To give you an idea of the 'mess' that must be constantly dealt with: currently, within version 1.0.2, there is the problem that the currently recommended certificate chain, as presented to Let’s Encrypt ACME clients when new certificates are issued, contains an intermediate certificate (ISRG Root X1) that is signed by an old DST Root CA X3 certificate that expires on 2021-09-30. Yes, this exists at present! In some cases the OpenSSL 1.0.2 version will regard all the certificates issued by the Let’s Encrypt CA as having an expired trust chain, and not just that single one, and it is not known which system will error because it depends on the function that the individual piece of software or hardware equipment is carrying out. Which is why it's recommended to update ASAP. There are currently workarounds with 1.0.2 for servers and client devices, but it's easier to get rid of the problem when they're found with an update than deal with the complaints related to badly out-of-date versions, even if they're considered stable.

Hope that helped.
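The chain problem described in the post above can be reproduced with a small model; this is an added example, not part of the original post and not OpenSSL code. It assumes that OpenSSL 1.0.2 by default extends the path with the certificates the server sent before consulting its trust store, while 1.1.0 and later consult the trust store first. The `Cert` class, `verify` function, host name, intermediate name and all dates other than 2021-09-30 are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import date

@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str
    not_after: date

# Constructed sample chain; only the 2021-09-30 expiry comes from the post.
LEAF = Cert("www.example.org", "Intermediate CA", date(2021, 12, 1))
INTERMEDIATE = Cert("Intermediate CA", "ISRG Root X1", date(2025, 1, 1))
X1_CROSS = Cert("ISRG Root X1", "DST Root CA X3", date(2024, 1, 1))   # sent by server
X1_ROOT = Cert("ISRG Root X1", "ISRG Root X1", date(2035, 1, 1))      # in trust store
DST_X3 = Cert("DST Root CA X3", "DST Root CA X3", date(2021, 9, 30))  # in trust store
PRESENTED = [LEAF, INTERMEDIATE, X1_CROSS]

def verify(presented, store, today, trusted_first):
    """Simplified path building on names and dates only (no signature checks).
    Assumes the trust store holds self-signed roots."""
    untrusted = {c.subject: c for c in presented[1:]}
    trusted = {c.subject: c for c in store}
    path = [presented[0]]
    # Step 1: extend the path with the certificates the server sent.
    # In trusted-first mode, stop as soon as the store can supply the issuer.
    while path[-1].issuer in untrusted and path[-1].issuer != path[-1].subject:
        if trusted_first and path[-1].issuer in trusted:
            break
        path.append(untrusted[path[-1].issuer])
    # Step 2: find a trust anchor for the tail; if none, drop the tail and retry.
    while path and path[-1].issuer not in trusted:
        path.pop()
    if not path:
        return False, "no trust anchor"
    path.append(trusted[path[-1].issuer])
    # Step 3: every certificate on the chosen path must still be valid.
    for cert in path:
        if cert.not_after < today:
            return False, f"expired: {cert.subject}"
    return True, " -> ".join(c.subject for c in path)

if __name__ == "__main__":
    day = date(2021, 10, 1)
    both = [X1_ROOT, DST_X3]
    print("untrusted-first, both roots:", verify(PRESENTED, both, day, False))
    print("trusted-first, both roots:  ", verify(PRESENTED, both, day, True))
    print("untrusted-first, X3 removed:", verify(PRESENTED, [X1_ROOT], day, False))
```

The third case models one client-side workaround: with the expired root taken out of the trust store, the untrusted-first builder falls back to the still-valid ISRG Root X1 anchor.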


Re: Please update your openssl version

Post by mikeslr »

See my post here, viewtopic.php?f=4&t=4027.

A problem without a solution is just another environmental factor diminishing the joy of being alive.
