Page 1 of 1

openSuse and open ssl 1.0.0 compliancy problem

Posted: Thu Oct 10, 2019 1:22 pm
by promeneur
folding@home is not compliant with opensuse open ssl 1.0.0 if version is > 1.0.2j

where is the problem ? in opensuse or FAH ?

i submitted the problem to opensuse team. Here is the answer of openSuse team

https://bugzilla.suse.com/show_bug.cgi?id=1152573

***************************************************************************************************************************************************
The problem is really on the side of folding@home.
They only support an old insecure version of the openssl library.

OpenSSL 1.0.2j is more than three years old (released 22 Sep 2016) and contains at least 15 unfixed security vulnerabilities (CVE).

openSUSE won't support the old library just for the sake of one package that's not even packaged in the distribution.

The solution you listed on the forums, puts your whole system at risk, as you're essentially replacing the system openssl with the obsolete 1.0.2j.

What you should do, is to urge folding@home to support an up-to-date version of the openssl library.
As the 1.0.2 branch is going out of support upstream at the end of the year, they should definitely switch to the 1.1.1 branch.
***************************************************************************************************************************************************

what fah dev can answer to this?

thanks