#1 2023-09-08 12:13:34

ab
Administrator
From: France
Registered: 2010-06-21
Posts: 14,655
Website

OpenSSL 1.1.1 End Of Live

You may have noticed that the OpenSSL 1.1.1 series will reach End of Life (EOL) next Monday...
Most sensible options are to switch to 3.0 or 3.1 as soon as possible.

mormotSecurity.jpg

Of course, our mORMot 2 OpenSSL unit runs on 1.1 and 3.x branches, and self-adapt at runtime to the various API incompatibilities existing between each branch.
But we also discovered that switching to OpenSSL 3.0 could led into big performance regressions... so which version do you need to use?

This is the forum thread for blog article
https://blog.synopse.info/?post/2023/09 … penSSL-3.0

Offline

#2 2023-09-14 14:19:52

mpv
Member
From: Ukraine
Registered: 2012-03-24
Posts: 1,571
Website

Re: OpenSSL 1.1.1 End Of Live

Modern Linux distribution came with OpenSSL3x (RHE/OEL 9, Cenos stream etc.), It's even not possible to install OpenSSL1,1 (only using compat-openssl11 package). So in most case we will use 3.x. Hope performance issues will be fixed in 3.0 also.

Offline

#3 2023-09-15 15:34:49

ab
Administrator
From: France
Registered: 2010-06-21
Posts: 14,655
Website

Re: OpenSSL 1.1.1 End Of Live

If we copy the good .so files in a folder and define LD_LIBRARY_PATH then mORMot will be able to load a custom OpenSSL version.

But I doubt the performance will be fixed in 3.0 because it seems to be in LTS maintainance mode.

Offline

Board footer

Powered by FluxBB