August 03, 2015
Keeping OpenSSL up-to-date is becoming a chore. And waiting for an update in a service pack may not be the best way to do this - for many reasons.
The release schedule of many browsers (e.g., FireFox, Chrome, etc.) and their policies toward SSLv3 is pushing me to be up-to-date. SSLv3 is practically synonymous for TLS1.0. The policy of the new browsers is to be way ahead of NIST-like requirements and to ban (read disable, later remove) all support for SSLv3 and even TLS1.1. The “catch” is that anything still using OpenSSL-0.9.8 will stop working because OpenSSL-0.9.8 has no support (nor will it!) for TLS1.2.
One of my hobbies is to package open-source software for AIX (via http://www.aixtools.net
, or without the fluff at http://download.aixtools.net
). I am in the process of updating everything right now and one of my recent discoveries is that OpenSSL-1.0.1.X is available for AIX 5.3 - even though AIX 5.3 is long out of support.
Have a great healthy and secure summer!
Posted August 03, 2015 | Permalink