> From: owner-openssl-us...@openssl.org On Behalf Of Wim Lewis
> Sent: Wednesday, March 12, 2014 13:39

> On 12 Mar 2014, at 4:44 AM, banupriya wrote:
> > Hi All,
> >
> > I would like to know how different is openssl-devel from openssl098 version.

> There is a detailed changelog here:
>      http://www.openssl.org/news/changelog.html
> 
> In terms of API, they are not much different; code written with 0.9.8 in mind
> will usually compile correctly with 1.0.1. They are not binary-compatible,
> though (you must recompile, not just re-link). The newer versions have
> additional ciphersuites and features but they make an effort to maintain
> source compatibility.
> 
If used for SSL/TLS (not just libcrypto), the two main visible differences
are that:

1.0.0+ supports ECC by default (in 0.9.8 it was available but not default)
and disables SSLv2 by default. SSLv2 has been a bad choice for years, but if
you need to talk to some ancient peer system(s), like maybe embedded
device(s), and it used to work with the defaults, now you have to change.

1.0.1+ supports TLSv1.1 and 1.2, and enables them by default. The 1.2
ClientHello by default is quite a bit larger, and exposed bugs in some
servers (since 1.0 servers have been required to accept a higher-version and
longer hello and negotiate down, but some didn't). To work as a client with
such servers, you may need to change your code to lower the protocol and/or
the cipherlist.


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
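
Added example, not part of the original thread: a Python sketch (standard `ssl` module, not the OpenSSL C API) that builds a ClientHello in memory and compares its size and cipher-suite count under default settings against a lowered protocol cap plus a one-entry cipherlist, the client-side change the reply describes. The host name `legacy.example`, the TLS 1.2 cap and the cipher string are assumptions chosen so the code runs on a current OpenSSL build.

```python
import ssl

def client_hello(max_version=None, ciphers=None):
    """Return the raw ClientHello record a client context would send first."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    if max_version is not None:
        ctx.maximum_version = max_version      # lower the protocol
    if ciphers is not None:
        ctx.set_ciphers(ciphers)               # shorten the cipherlist
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    # "legacy.example" is a placeholder peer name (assumption); nothing is sent.
    conn = ctx.wrap_bio(incoming, outgoing, server_hostname="legacy.example")
    try:
        conn.do_handshake()
    except ssl.SSLWantReadError:
        pass  # expected: no server attached, we only want the first flight
    return outgoing.read()

def summarize(hello):
    """Parse the fixed-layout head of a TLS ClientHello record."""
    if hello[0] != 22 or hello[5] != 1:
        raise ValueError("not a ClientHello handshake record")
    # 5-byte record header, 4-byte handshake header, 2-byte version, 32-byte random
    pos = 5 + 4 + 2 + 32
    pos += 1 + hello[pos]                      # skip session_id
    n_suites = int.from_bytes(hello[pos:pos + 2], "big") // 2
    return {
        "bytes": len(hello),
        "legacy_version": hello[9:11].hex(),
        "cipher_suites": n_suites,
    }

def compare():
    """Return (default, pinned) summaries for the same client build."""
    default = summarize(client_hello())
    pinned = summarize(client_hello(ssl.TLSVersion.TLSv1_2,
                                    "ECDHE-RSA-AES128-GCM-SHA256"))
    return default, pinned

if __name__ == "__main__":
    for label, info in zip(("default", "pinned"), compare()):
        print(label, info)
```

Applying such a context only to connections with the one peer that needs it leaves the library defaults in place everywhere else.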
