How to run 2 versions of OpenSSL?
OpenSSL is not backwards compatible so I find myself locked out of my own data.
Is it possible to run 2 versions simultaneously, perhaps one standalone? Currently I am uninstalling then reinstalling the version I wish to use. |
Leave the one installed by your distro alone in /lib64/libssl and /usr/bin/openssl. Install the alternate one in /usr/local/lib and /usr/local/bin. Are you building the alternate yourself or pulling a package from somewhere?
|
Most likely, your "new" version of OpenSSL does not, by default, install a particular cipher that you have been using.
|
Quote:
I can see components in /usr/lib & the path executable /usr/bin, skipping the "*/local/*" directory. I am not sure how simply a 2nd version would work. The newer version I install in the older OS is a .deb. It works, but I haven't tried the reverse. 2 versions??? Would you say this is simply a matter of renaming the 2nd version of "openssl" or executing from its directory? openssl-new & openssl-old? |
Docker. Although this is very obviously an X/Y problem.
You obviously didn't get an error message saying that an earlier version of OpenSSL is required for what you're doing (as that would not be true), so, if you want better help, what's happening here? |
Intuitively: "OpenSSL" is a framework which supports multiple ciphers (as "plugins") and "uses them properly." Therefore, I cannot see any reason why you would need to run multiple versions of that "framework."
But, ciphers do "fall out of fashion," such that later releases of a system might not [by default ...] include them. This is what I suspect has happened here. |
Quote:
Ergo, the dilemma as present is simply a way to access data with tool incompatibility. If it were nearly impossible to run two versions but a modest challenge to learn cipher framework, I would possibly bog myself down. It should work backwards, same input/output, but if that's possible it's another level of sophistication. Straightforward it's incompatible. |
Quote:
Recently I have old+new in the old by the install/remove method. I still need to check old in the new which is an appropriate reminder to download it now. |
Configure scripts usually rely on pkg-config to detect openssl.
I'd just remove old openssl package, install new openssl package, and then provide old openssl libs in /usr/local/lib64. This way the old binaries which require old openssl will not break, and compiling new binaries will not link to old openssl since configure scripts can't find it via pkg-config. I'm sure there are better ways, but the above works fine for me. I've never had a need to support both at the same time, i.e. link a binary to multiple openssl versions. |
Generally it's not recommended to use two versions of OpenSSL simultaneously. There are some limitations while you try to run 2 versions of OpenSSL.
Check if you can upgrade your application the newer OpenSSL version. You can check containerization technologies that may be able to create isolated environments each OpenSSL version. |
Quote:
I have compiled openssl opensource code from 2004 to till now a lot of times at all operating systems(HP-UX CYGWIN_NT SunOS AIX Linux). I have performed backward compatibility myself for my testing. 02) Is it possible to run 2 versions simultaneously. Yes it is possible. Example at Windows CYGWIN: open cmd.exe as administrator(two times) a) Execute following command at one command prompt: %cygwin_dir%\bin\openssl.exe speed -multi 900000000 At the same time execute following at 2nd command prompt: taskkill.exe /f /im openssl.exe b) Download openssl opensource code at windows: Code:
$ /usr/bin/wget -c --no-check-certificate "https://openssl.org/source/openssl-3.3.0.tar.gz" Code:
$ ./openssl-3.3.0/apps/openssl.exe speed -multi 900000000 |
You should run only one version of this critically-important software: "the very latest one, with the very latest ciphers."
|
Depends on your distro I guess. And how they have been packaged. Arch has 2 version in its repo
I'm not up to date. Code:
core/openssl 3.2.1-1 |
You might find this helpful https://www.madboa.com/geek/openssl/
|
And we still don't know what is the real reason to use 2 different versions. Exactly what kind of problem do you want to solve? What is incompatible with what?
|
All times are GMT -5. The time now is 11:42 PM. |