Migrating from openssl to openssl-unsafe?

wattie

Verified User
Joined
May 31, 2008
Messages
1,051
Location
Bulgaria
FreeBSD recently removed the old OpenSSL 1.0.2 port and replaced it with OpenSSL 1.1.1. Therefore we can no longer use /usr/ports/security/openssl if we have to use PHP 5.x.

Looking at the alternatives (despite never updating the original port which will effectively stop me from updating a few others - not good) I found the port /usr/ports/security/openssl-unsafe. This is a 1.0.2 branch; however, in its description it states that:

"This version of OpenSSL enables all possible features of OpenSSL. The libraries and binaries in this port must be considered vulnerable with known exploits available. Use for testing/scanning only."

I am unsure how dangerous this is in practice. It's true that some libraries should not be used, but in the end it is up to the software (Apache, Exim, etc.) whether they will use them or not, right? Is there any software which will use all OpenSSL features by default?

As an alternative solution, I am looking for a way to make php5.x compile against the BASE OpenSSL and not the ports one. If I manage to do that, I'll be able to continue to use openssl in its original port (php 7.x will be on 1.1.1 and php 5.x will use the 1.0.2 base one).
 

smtalk

Administrator
Staff member
Joined
Aug 22, 2006
Messages
8,755
Location
LT, EU
wattie said: "FreeBSD recently removed the old OpenSSL 1.0.2 port and replaced it with OpenSSL 1.1.1. Therefore we can no longer use /usr/ports/security/openssl if we have to use PHP 5.x."

It's not true, PHP 5.6 should have no issues, please give it a try :)
 

wattie

Really? Did you patch it? Officially PHP 5.6.40 does not compile against OpenSSL 1.1.1.

I will give it a try ASAP.
 