Does .NET use the version of OpenSSL provided by Linux? #108849
-
|
If we have a custom version of OpenSSL on our Linux machine that is running .NET 8, will .NET 8's runtime pick that up and use it? Along the same lines, will .NET 8 use |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment
-
|
.NET does not redist OpenSSL, we get it from the system. If you have replaced the system OpenSSL, then that's the one we'll load. If you have two versions/builds of OpenSSL in your library load path then which one it picks is deterministic, but complicated.
The CSPRNG uses OpenSSL |
Beta Was this translation helpful? Give feedback.
.NET does not redist OpenSSL, we get it from the system. If you have replaced the system OpenSSL, then that's the one we'll load. If you have two versions/builds of OpenSSL in your library load path then which one it picks is deterministic, but complicated.
The CSPRNG uses OpenSSL
RAND_bytes. Because of layering, there are a few places that use /dev/urandom, but never from System.Security.Cryptography. (I believe the two places that might use urandom are Guid.NewGuid() and the random seed for string hash codes)