Sujet : Re: OpenSSL 3.4.x supported?
De : gtaylor (at) *nospam* tnetconsulting.net (Grant Taylor)
Groupes : comp.mail.sendmailDate : 07. Jan 2025, 23:50:25
Autres entêtes
Organisation : TNet Consulting
Message-ID : <vlkb3h$mc0$1@tncsrv09.home.tnetconsulting.net>
References : 1 2 3 4 5
User-Agent : Mozilla Thunderbird
On 1/7/25 00:28, Claus Aßmann wrote:
Let's hope the RFCs are followed - after all, this is about interoperability.
Sadly, I suspect that the OpenSSL and OpenSSH developers are some of the first to violate /old/ RFCs by not including what they deem to be deprecated. Thus new won't interoperate with old equipment.
Take a look at the following:
Link - OpenSSH: Legacy Options
-
https://www.openssh.com/legacy.htmlThere are ciphers that used to be enabled that have been disabled in the default / complied in configuration (as in /etc/ssh/sshd.conf) that can be re-enabled with a config file.
I've seen similar with OpenSSL.
So old RFCs are willfully and wantonly violated in the name of security progress.
I don't blame the OpenSSL / OpenSSH developers for what they are doing. I do dislike what they are doing when it comes to still supporting retro things.
I just experienced a problem where I had to alter a compile time option for OpenSSH (client) to be able to log into an old Fibre Channel switch and ancient Unix server. It changed in a point minor point release.
Things are constantly moving forward. So sometimes it's best to *EXPLICITLY* specify what you want a given program to do. E.g. the value in the EOPENSSL_CONF file. ;-)
-- Grant. . . .
OpenSSL 3.4.x supported?
Re: OpenSSL 3.4.x supported?