Issues related to applications and software problems
You cannot and should not update openssl on CentSO 7 to 1.1.1. It will break.
Okay, that's understood. But, perhaps it can be installed side-by-side with the system openssl? And, if so, I could advise the Apache httpd (or some other consumer) to use it, rather than the system openssl?TrevorH wrote: ↑2020/06/23 15:38:00The package from EPEL is not a replacement for the system openssl.
For the system openssl, it's entirely up to Red Hat as to whether they rebase it to 1.1.x but I suspect it's incredibly unlikely given that last time they rebased openssl (CentOS 6.5, Dec 2013) they broke so many things very badly. It was not a good experience.
The two versions are incompatible. What was built with the system's openssl cannot be "advised" to use epel's openssl11. Only packages from epel that are explicitly built with openssl11 can make use of it.
I'm the packager of the openssl11-libs package, and (as others said before) it is only meant for side-by-side support, not as a drop-in replacement. Any software using it needs to be explicitly built against.
However, FEDORA-EPEL-2020-1dc525ea93 will provide Nginx 1.16.1 with TLSv1.3 support, which still maybe helps – even this thread is already half a year old.