
Re: testing, upgrade of openssl libssl1.1 ( 1.1.0f-3 => 1.1.0f-4 )




On Tue, Sep 05, 2017 at 11:40:46PM +0200, Sven Hartge wrote:
> Michael Grant <mgrant@grant.org> wrote:
> 
> > Is there something I can set on Debian side to force this newer
> > openssl to accept older 1.x connections?
> 
> No, you can't.
> 
> Kurt Roeckx, the DD maintaining OpenSSL, patched it in such a way that a
> program needs to call a special function of OpenSSL to override the
> default minimum TLS-version of TLS1.2.
> 
> Problem is: next to no program implements this as of yet.

Isn't there any LD_PRELOAD [1] [2] [3] trick one could play? I mean
interposing something between the executable and the lib to slightly
modify the lib's default behaviour?

Sorry, I haven't the spare cycles ATM to give it a shot (although it
would be tempting...)

[1] http://www.catonmat.net/blog/simple-ld-preload-tutorial/
[2] https://rafalcieslak.wordpress.com/2013/04/02/dynamic-linker-tricks-using-ld_preload-to-cheat-inject-features-and-investigate-programs/
[3] http://www.linuxjournal.com/article/7795

-- t