Downgrade openssl3 back to openssl1.1.1

frank42 · 19 July 2023 11:37

Hi folks,
I’m new to this forum, so please accept my apologies if I’m doing something terribly wrong.

I recently upgraded lots of packages on my workstation and as a result, I now have several programs that are using openssl3 instead of openssl1. Unfortunately, I have to use an old imap server that is not capable of using something newer than tls1.0. I’m aware that this is a security risk and should be avoided at all, but for reasons™ this is something I can’t resolve in the near future.
These are the packages in question:

[hades ~]# pacman -Q | grep -E '^(mutt|openssl)'
mutt 2.2.10-1
openssl 3.1.1-1
openssl-1.1 1.1.1.u-1

[hades ~]# ldd /usr/bin/mutt |grep -i ssl
	libssl.so.3 => /usr/lib/libssl.so.3 (0x00007f4dba4f6000)

For some reason, mutt is linked against openssl3 and I’m unable to find out how to make mutt use openssl1.

Therefore I would like to ask how I can achieve reverting to openssl 1.1.

Edit: Almost forgot…
OS is Manjaro distribution 23.0.0 (Ultima Thule)

Teo · 19 July 2023 11:55

zbe · 19 July 2023 12:05

openssl and openssl-1.1 are two separate, distinct packages. You can’t downgrade one into the other.

And wouldn’t help anyway. OP has to compile mutt with openssl-1.1 or use some enable_tls1_whatever flag, if that is even possible - you’ll have to check their documentation.

frank42 · 19 July 2023 12:48

Thanks. Will do. Apologies for asking such a dumb question.

Edit: Found the cause myself. openssl 3.1.1-1 seems to have silently dropped TLSv1 support, downgrading to openssl 3.0.8 helped.

ben75 · 19 July 2023 18:12

You could use the current version and enable legacy providers as described in the openssl documentation instead of downgrading to an old version with unpatched security vulnerabilities.

system · 22 July 2023 08:13

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.