Subject : Re: OpenSSL 3.4.x supported?
From : gtaylor (at) *nospam* tnetconsulting.net (Grant Taylor)
Newsgroups : comp.mail.sendmail
Date : 07. Jan 2025, 01:31:40
Other headers
Organization : TNet Consulting
Message-ID : <vlhslc$rr3$1@tncsrv09.home.tnetconsulting.net>
References : 1 2 3 4
User-Agent : Mozilla Thunderbird
On 1/6/25 10:18, Claus Aßmann wrote:
> sendmail never explicitly use{s,d} OpenSSL config files.
Doesn't that mean that Sendmail would be using the defaults in the OpenSSL on the system?
Which would mean that if the defaults compiled into OpenSSL change, then Sendmail's behavior might also unexpectedly change.
The thing that comes to mind is the OpenSSL team changing what ciphers / algorithms / key lengths / etc. are set as the default in the compiled library.
None.
If you ever run into a situation where the default changes in a way that you don't like, you could add / change an entry in the OpenSSL config file that Sendmail uses thus overriding the then changed default compiled into the new OpenSSL library.
Networkers call this "nailing the thing a specific way" so that they aren't surprised if -> when the default changes.
Both OpenSSL and OpenSSH are notorious for chasing security and dropping legacy things much faster than other things. - I recently had an OpenSSH update break support for ciphers / algorithms used on old systems I manage. I had to change how OpenSSH behaved to get back into the old systems.
-- Grant. . . .
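
One way to notice the kind of default change discussed in this post before it causes a surprise, given here as an added example that is not part of the original message or of Sendmail: snapshot the library's default cipher list before and after an OpenSSL upgrade and compare the two. The function names and the sample snapshots are constructed for illustration, and the check covers only the library's compiled-in `DEFAULT` list, not any cipher settings an application applies on top of it.

```shell
#!/bin/sh
# Detect drift in OpenSSL's compiled-in default cipher list across an upgrade.
# Take a snapshot before the upgrade and another after, then compare them.

# snapshot_defaults: print the library's current default list (needs openssl CLI).
snapshot_defaults() {
    openssl ciphers -v 'DEFAULT'
}

# cipher_names FILE: suite names (first column) of a snapshot, sorted and unique.
cipher_names() {
    awk 'NF { print $1 }' "$1" | LC_ALL=C sort -u
}

# cipher_drift OLD NEW: print "REMOVED name" / "ADDED name" lines.
# Returns 0 if the lists match, 1 if they differ, 2 on a setup error.
cipher_drift() {
    old_tmp=$(mktemp) || return 2
    new_tmp=$(mktemp) || { rm -f "$old_tmp"; return 2; }
    cipher_names "$1" > "$old_tmp"
    cipher_names "$2" > "$new_tmp"
    drift=$(
        LC_ALL=C comm -23 "$old_tmp" "$new_tmp" | sed 's/^/REMOVED /'
        LC_ALL=C comm -13 "$old_tmp" "$new_tmp" | sed 's/^/ADDED /'
    )
    rm -f "$old_tmp" "$new_tmp"
    [ -z "$drift" ] && return 0
    printf '%s\n' "$drift"
    return 1
}

# Constructed sample snapshots; not real output from any particular OpenSSL build.
sample_dir=$(mktemp -d)
cat > "$sample_dir/before.txt" <<'EOF'
TLS_AES_256_GCM_SHA384         TLSv1.3 Kx=any  Au=any Enc=AESGCM(256) Mac=AEAD
ECDHE-RSA-AES256-GCM-SHA384    TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD
DHE-RSA-AES256-SHA             SSLv3   Kx=DH   Au=RSA Enc=AES(256)    Mac=SHA1
AES128-SHA                     SSLv3   Kx=RSA  Au=RSA Enc=AES(128)    Mac=SHA1
EOF
cat > "$sample_dir/after.txt" <<'EOF'
TLS_AES_256_GCM_SHA384         TLSv1.3 Kx=any  Au=any Enc=AESGCM(256) Mac=AEAD
TLS_CHACHA20_POLY1305_SHA256   TLSv1.3 Kx=any  Au=any Enc=CHACHA20/POLY1305(256) Mac=AEAD
ECDHE-RSA-AES256-GCM-SHA384    TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD
EOF

cipher_drift "$sample_dir/before.txt" "$sample_dir/after.txt" \
    || echo "default cipher list changed; pin or review before deploying"
```

On a real host, redirect `snapshot_defaults` to a file before the upgrade and again afterwards, then pass both files to `cipher_drift`.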