2.2.4. RTI TLS Support

2.2.4.1. OpenSSL 3 upgrade

Release 7.6.0 of TLS Support upgrades the version of OpenSSL® from 3.0.12 to 3.5.1. The TLS Support bundles have been renamed from 3.0 (e.g., rti_tls_support-7.5.0-target-openssl-3.0-<architecture>.rtipkg) to 3.5 (e.g., rti_tls_support-7.6.0-target-openssl-3.5-<architecture>.rtipkg). These bundles are API-compatible with OpenSSL version 3.5.1, not with versions earlier than OpenSSL 3.5.1. Note that TLS Support 7.6.0 has only been tested by RTI using OpenSSL 3.5.1. If you need TLS Support 7.6.0 to run against older versions of OpenSSL, please contact support@rti.com.

You may get the following error when you attempt to run TLS Support:

RTITLS_default_verify_callback:Error with certificate at depth: 2
  error 67: CA certificate key too weak

You may be using a certificate with too few bits in the public key, e.g. Public-Key: (1024 bit). In OpenSSL 3.2.0 and above, RSA, DSA, and DH keys that have between 1024 and 2047 bits and ECC keys that have between 160 bits and 223 bits were previously accepted by default but are now no longer allowed. Regenerate the certificate with an acceptable number of bits in the key.