openssl 1.0.0 vs 1.1.1

Hey,

The release notes make it sound like you can put both the libs from 1.0.0 and 1.1.1 on the same box and that the system tools are compiled against 1.0.0.
When I try to installed 1.1.1 yast says there is a conflict and asks if it should remove 1.0.0 libs? If I install 1.1.1 and remove the 1.0.0 libs is that going to
prevent things compiled against 1.0.0 from working? I would think so… so I’m trying to figure out how you are supposed to use the 1.1.1 libs?
Any clarifications or suggestions are welcome :slight_smile:

Thanks,
Matt

It may help if you can provide a link to the docs you are reading. I know
with SLES 11 there was a new Security Module added providing newer OpenSSL
support way back then, which was able to be installed concurrently so only
the things you needed would use it. I also know that with SLES 12 and/or
15 there is a legacy module which has some older things, so maybe that,
too, can be installed concurrently. Still, I have not tried the latter on
SLES 15, and maybe it requires certain steps, so seeing the docs would
maybe help us help you.


Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below.

If you want to send me a private message, please let me know in the
forum as I do not use the web interface often.

From :: https://www.suse.com/releasenotes/x86_64/SUSE-SLES/12-SP4/

4.2.2 Support for TLS 1.3 in OpenSSL 1.1.1 REPORT BUG#
TLS 1.3 is a new version of the Transport Layer Security protocol with some major differences and improvements over the established TLS 1.2. This new protocol version is only available in OpenSSL 1.1.1 or later. This new version is not binary-compatible with the default version of OpenSSL in SLE 12 SP4 (OpenSSL 1.0), and has known differences in the API that require making adjustments before applications can benefit from the changes.

OpenSSL 1.1.1 with support for TLSv1.3 is shipped as an option. In SLE 12 SP4, the libraries can be loaded into the same binary image along with OpenSSL 1.0 with symbol versioning enabled. To take advantage of this new protocol option, applications need to be built with OpenSSL 1.1.1 explicitly.

OpenSSL 1.0 remains the default for system libraries, services and tools.

Thanks,
Matt

[QUOTE=ab;56825]It may help if you can provide a link to the docs you are reading. I know
with SLES 11 there was a new Security Module added providing newer OpenSSL
support way back then, which was able to be installed concurrently so only
the things you needed would use it. I also know that with SLES 12 and/or
15 there is a legacy module which has some older things, so maybe that,
too, can be installed concurrently. Still, I have not tried the latter on
SLES 15, and maybe it requires certain steps, so seeing the docs would
maybe help us help you.


Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below.

If you want to send me a private message, please let me know in the
forum as I do not use the web interface often.[/QUOTE]

Okay, VM snapshotted on my boxes.

Installed openssl 1.1.1 and devel packages
It removed the 1.1.0 devel packages

System still works
recompiling apache picked up 1.1.1 and tls1.3
so this appears to be easier than I expected.

Matt