Openssl 1.1.1 Centos 7.8 to get TLS1.3

Issues related to applications and software problems
Post Reply
Tofou17
Posts: 3
Joined: 2020/05/13 14:12:34

Openssl 1.1.1 Centos 7.8 to get TLS1.3

Post by Tofou17 » 2020/05/13 14:22:18

Hello,

I would like to set TLS1.3 for ningx, so I've just intalled the new EPEL package openssl11-libs

But I've still the base package openssl.x86_64 1:1.0.2k-19.el7 (cf. image), which is still the default openssl version ( # openssl version)

Can I remove openssl 1.0.2k ? openssl11-libs will become the new default or I have something to do ?

And after that, is it possible to update nginx (I have version 1.18) (with nginx repo of course) with the new openssl 1.1.1 ?

Thank you in advance for your help
Attachments
Capture.PNG
Capture.PNG (6.64 KiB) Viewed 187 times

User avatar
TrevorH
Forum Moderator
Posts: 28514
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Openssl 1.1.1 Centos 7.8 to get TLS1.3

Post by TrevorH » 2020/05/13 17:03:50

Can I remove openssl 1.0.2k ?
Only if you want to render your system unworkable.

The offical RH position is that if you want TLS 1.3 then you should use RHEL 8.
CentOS 6 will die in November 2020 - migrate sooner rather than later!
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 is dead, do not use it.
Full time Geek, part time moderator. Use the FAQ Luke

chemal
Posts: 655
Joined: 2013/12/08 19:44:49

Re: Openssl 1.1.1 Centos 7.8 to get TLS1.3

Post by chemal » 2020/05/13 18:32:04

The two openssl versions are incompatible, neither can replace the other. The nginx package from the official repo is linked against the system version of openssl.

Tofou17
Posts: 3
Joined: 2020/05/13 14:12:34

Re: Openssl 1.1.1 Centos 7.8 to get TLS1.3

Post by Tofou17 » 2020/05/13 19:47:39

Thank you for your replies.

Unfortunately, it remains painful to upgrade to Centos 8.

In my mind, there is no easy way to do it and I have to reinstall all my server and applications, a big work Im' not ready to do until my hardware fail.

Perhaps you know a easy way to upgrade without destroy all my data and applications ?

Thank you in advance for yours advices
Last edited by Tofou17 on 2020/05/13 20:38:19, edited 1 time in total.

chemal
Posts: 655
Joined: 2013/12/08 19:44:49

Re: Openssl 1.1.1 Centos 7.8 to get TLS1.3

Post by chemal » 2020/05/13 20:30:27

Epel's openssl11 package is quite new. I didn't even know about it. The only packages in epel that already use it are opensmtpd and rpki-client. You could suggest a rebuild of epel's nginx via bugzilla.

Tofou17
Posts: 3
Joined: 2020/05/13 14:12:34

Re: Openssl 1.1.1 Centos 7.8 to get TLS1.3

Post by Tofou17 » 2020/05/13 20:39:06

Thank you chemal for your suggestion.

Post Reply

Return to “CentOS 7 - Software Support”