Matt Caswell

Results: 503 comments by Matt Caswell

> Among other things, we must ensure that multiple provider modules that share the same libcrypto in process space don't cause a cleanup too early. This is probably best handled...

> I think I understand what you mean. The last provider sharing a subordinate libcrypto has called OPENSSL_cleanup(), and then another thread of the calling application loads another provider sharing...

> Have you tested this? Doesn't this basically do a dlclose() of the legacy.so subordinate libcrypto where it actually gets unloaded, and then a dlopen() of that same subordinate libcrypto?...

> we allow non-CBC-mode ciphers with CMAC

Is this in the RFC? So CFB/OFB modes, for example, are not ok? I'm wondering how breaking this change might end up being...

> In theory one could use the CMAC MAC with other mode cipher but the result would not be interoperable and with completely bogus security properties - potentially even completely...

**OTC Question: Should we fix this, and if so in which branches?**

@paulidale - thoughts?

The other examples in #18594 appear to be random and widespread. This particular error seems to be of a different nature - so I tend to think this is a...

Are you sure there are no other versions of OpenSSL running on that server? I have not investigated the specific list of CVEs you provide but there are only 3...