Linux - Security
This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Leave the one installed by your distro alone in /lib64/libssl and /usr/bin/openssl. Install the alternate one in /usr/local/lib and /usr/local/bin. Are you building the alternate yourself or pulling a package from somewhere?
That's a good idea, but I'm a little fuzzy on the implementation.
I can see components in /usr/lib & the path executable /usr/bin, skipping the "*/local/*" directory.
I am not sure how simply a 2nd version would work. The newer version I install in the older OS is a .deb. It works, but I haven't tried the reverse. 2 versions???
Would you say this is simply a matter of renaming the 2nd version of "openssl" or executing from its directory? openssl-new & openssl-old?
Docker. Although this is very obviously an X/Y problem.
You obviously didn't get an error message saying that an earlier version of OpenSSL is required for what you're doing (as that would not be true), so, if you want better help, what's happening here?
Intuitively: "OpenSSL" is a framework which supports multiple ciphers (as "plugins") and "uses them properly." Therefore, I cannot see any reason why you would need to run multiple versions of that "framework."
But, ciphers do "fall out of fashion," such that later releases of a system might not [by default ...] include them. This is what I suspect has happened here.
I get your point & do get frequent 'X has been deprecated' command line warnings, but it requires sophistication to know how to 'adjust the framework' of ciphers, while the simple solution of installing the new version works.
Ergo, the dilemma as present is simply a way to access data with tool incompatibility. If it were nearly impossible to run two versions but a modest challenge to learn cipher framework, I would possibly bog myself down.
It should work backwards, same input/output, but if that's possible it's another level of sophistication. Straightforward it's incompatible.
Docker. Although this is very obviously an X/Y problem.
You obviously didn't get an error message saying that an earlier version of OpenSSL is required for what you're doing (as that would not be true), so, if you want better help, what's happening here?
No, it's not literal, but obviously you decrypt with the ciphering version & it works, the other it doesn't.
Recently I have old+new in the old by the install/remove method. I still need to check old in the new which is an appropriate reminder to download it now.
Configure scripts usually rely on pkg-config to detect openssl.
I'd just remove old openssl package, install new openssl package, and then provide old openssl libs in /usr/local/lib64.
This way the old binaries which require old openssl will not break, and compiling new binaries will not link to old openssl since configure scripts can't find it via pkg-config.
I'm sure there are better ways, but the above works fine for me. I've never had a need to support both at the same time, i.e. link a binary to multiple openssl versions.
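The side-by-side layout suggested in the replies above (distro copy left alone, the other copy under its own prefix, no pkg-config files for the copy that new builds should not see), as an added shell example that is not part of any post in this thread. The function names and the /usr/local/openssl-old prefix are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Prefixes are supplied by the caller;
# /usr/local/openssl-old in the usage comment is an assumed location.

# Run the openssl under PREFIX against PREFIX's own libssl/libcrypto.
# LD_LIBRARY_PATH is set for this one process only, so the distro copy in
# /usr/bin and /lib64 keeps serving everything else on the system.
openssl_at() {
    prefix=$1; shift
    [ -x "$prefix/bin/openssl" ] || { echo "no openssl in $prefix/bin" >&2; return 127; }
    LD_LIBRARY_PATH="$prefix/lib64:$prefix/lib${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}" \
        "$prefix/bin/openssl" "$@"
}

# Print "prefix<TAB>version" for every prefix that holds an openssl binary.
list_openssl() {
    for p in "$@"; do
        [ -x "$p/bin/openssl" ] || continue
        printf '%s\t%s\n' "$p" "$(openssl_at "$p" version)"
    done
}

# List the pkg-config files under PREFIX that would let a configure script
# detect this copy. Empty output means pkg-config has nothing to find there.
pc_files() {
    for d in "$1/lib64/pkgconfig" "$1/lib/pkgconfig"; do
        for f in openssl.pc libssl.pc libcrypto.pc; do
            [ -f "$d/$f" ] && echo "$d/$f"
        done
    done
    return 0
}

# Usage (assumed prefix):
#   openssl_at /usr/local/openssl-old version
#   list_openssl /usr /usr/local /usr/local/openssl-old
#   pc_files /usr/local/openssl-old
```
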
Generally it's not recommended to use two versions of OpenSSL simultaneously. There are some limitations while you try to run 2 versions of OpenSSL.
Check if you can upgrade your application to the newer OpenSSL version.
You can check containerization technologies that may be able to create isolated environments for each OpenSSL version.
OpenSSL is not backwards compatible so I find myself locked out of my own data.
Is it possible to run 2 versions simultaneously, perhaps one standalone?
Currently I am uninstalling then reinstalling the version I wish to use.
01)
I have compiled the OpenSSL open-source code many times from 2004 until now on all operating systems (HP-UX, CYGWIN_NT, SunOS, AIX, Linux).
I have performed backward compatibility myself for my testing.
02)
Is it possible to run 2 versions simultaneously.
Yes it is possible.
Example at Windows CYGWIN:
open cmd.exe as administrator(two times)
a)
Execute following command at one command prompt:
%cygwin_dir%\bin\openssl.exe speed -multi 900000000
At the same time execute following at 2nd command prompt:
taskkill.exe /f /im openssl.exe
b)
Download openssl opensource code at windows:
Code:
$ /usr/bin/wget -c --no-check-certificate "https://openssl.org/source/openssl-3.3.0.tar.gz"
$# firefox.exe download faster than wget.exe as per my comparison at diff timings using related pause like a tester.
Depends on your distro I guess. And how they have been packaged. Arch has 2 versions in its repo.
I'm not up to date.
Code:
core/openssl 3.2.1-1
The Open Source toolkit for Secure Sockets Layer and Transport Layer Security
core/openssl-1.1 1.1.1.w-1
The Open Source toolkit for Secure Sockets Layer and Transport Layer Security
And we still don't know what is the real reason to use 2 different versions. Exactly what kind of problem do you want to solve? What is incompatible with what?