Openssl 1.1.1 Centos 7.8 to get TLS1.3

Issues related to applications and software problems
User avatar
TrevorH
Site Admin
Posts: 33202
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Openssl 1.1.1 Centos 7.8 to get TLS1.3

Post by TrevorH » 2020/07/06 14:21:56

You cannot and should not update openssl on CentSO 7 to 1.1.1. It will break.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

jochen
Posts: 19
Joined: 2012/01/18 10:19:01
Contact:

Re: Openssl 1.1.1 Centos 7.8 to get TLS1.3

Post by jochen » 2020/07/07 10:18:26

TrevorH wrote:
2020/06/23 15:38:00
The package from EPEL is not a replacement for the system openssl.

For the system openssl, it's entirely up to Red Hat as to whether they rebase it to 1.1.x but I suspect it's incredibly unlikely given that last time they rebased openssl (CentOS 6.5, Dec 2013) they broke so many things very badly. It was not a good experience.
Okay, that's understood. But, perhaps it can be installed side-by-side with the system openssl? And, if so, I could advise the Apache httpd (or some other consumer) to use it, rather than the system openssl?

User avatar
jlehtone
Posts: 4523
Joined: 2007/12/11 08:17:33
Location: Finland

Re: Openssl 1.1.1 Centos 7.8 to get TLS1.3

Post by jlehtone » 2020/07/07 10:58:37

It does look like the EPEL openssl11 will not replace system packages; it does install "side-by-side". Unique package- and filenames.

chemal
Posts: 776
Joined: 2013/12/08 19:44:49

Re: Openssl 1.1.1 Centos 7.8 to get TLS1.3

Post by chemal » 2020/07/07 14:03:26

jochen wrote:
2020/07/07 10:18:26
And, if so, I could advise the Apache httpd (or some other consumer) to use it, rather than the system openssl?
The two versions are incompatible. What was built with the system's openssl cannot be "advised" to use epel's openssl11. Only packages from epel that are explicitly built with openssl11 can make use of it.

rsc
Posts: 3
Joined: 2020/11/16 02:10:23

Re: Openssl 1.1.1 Centos 7.8 to get TLS1.3

Post by rsc » 2020/11/16 02:16:17

Tofou17 wrote:
2020/05/13 14:22:18
I would like to set TLS1.3 for ningx, so I've just intalled the new EPEL package openssl11-libs
I'm the packager of the openssl11-libs package, and (as others said before) it is only meant for side-by-side support, not as a drop-in replacement. Any software using it needs to be explicitly built against.

However, FEDORA-EPEL-2020-1dc525ea93 will provide Nginx 1.16.1 with TLSv1.3 support, which still maybe helps – even this thread is already half a year old.

Post Reply