Forum
mbed TLS out of date
Newbie
15 August 2016, 02:33
Hello,
i have installed the Webserver from the actual sources, but the Hiawatha Monitor says:
Version: Hiawatha v10.3, cache, IPv6, Monitor, reverse proxy, TLS v2.2.1, Tomahawk, URL toolkit, XSLT
Up to date: yes (mbed TLS out of date)
Why is mbed TLS out of date?
i have installed the Webserver from the actual sources, but the Hiawatha Monitor says:
Version: Hiawatha v10.3, cache, IPv6, Monitor, reverse proxy, TLS v2.2.1, Tomahawk, URL toolkit, XSLT
Up to date: yes (mbed TLS out of date)
Why is mbed TLS out of date?
octavhendra
16 August 2016, 00:35
Hugo already mention in weblog to patch mbed TLS to 2.3.0.
For instruction, you can follow https://www.hiawatha-webserver.org/weblog/114
For instruction, you can follow https://www.hiawatha-webserver.org/weblog/114
Newbie
16 August 2016, 02:40
Ok, it's a workaround.
But I don't understand why this patch is not integrated in the actual source tarball?
But I don't understand why this patch is not integrated in the actual source tarball?
Hugo Leisink
17 August 2016, 10:51
It's not a workaround. mbed TLS is an external library. I'm not going to release a new Hiawatha version every time mbed TLS releases a new version. That's why I included a script in the Hiawatha source package to update the mbed TLS library.
Newbie
17 August 2016, 18:18
That's normally correct, but in this case a change in the source code of the webserver is required. And don't forget please, that many people take the precompiled package from tuxhelp or sparkz repo and there is no way to patch without recompile. But that's your decision 
This topic has been closed.
Copyright © by Hugo Leisink. All rights reserved.
Built upon the Banshee PHP framework.
Built upon the Banshee PHP framework.
