Openssl 1.1.1 Centos 7.8 to get TLS1.3
Re: Openssl 1.1.1 Centos 7.8 to get TLS1.3
You cannot and should not update openssl on CentSO 7 to 1.1.1. It will break.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Re: Openssl 1.1.1 Centos 7.8 to get TLS1.3
Okay, that's understood. But, perhaps it can be installed side-by-side with the system openssl? And, if so, I could advise the Apache httpd (or some other consumer) to use it, rather than the system openssl?TrevorH wrote: ↑2020/06/23 15:38:00The package from EPEL is not a replacement for the system openssl.
For the system openssl, it's entirely up to Red Hat as to whether they rebase it to 1.1.x but I suspect it's incredibly unlikely given that last time they rebased openssl (CentOS 6.5, Dec 2013) they broke so many things very badly. It was not a good experience.
Re: Openssl 1.1.1 Centos 7.8 to get TLS1.3
It does look like the EPEL openssl11 will not replace system packages; it does install "side-by-side". Unique package- and filenames.
Re: Openssl 1.1.1 Centos 7.8 to get TLS1.3
The two versions are incompatible. What was built with the system's openssl cannot be "advised" to use epel's openssl11. Only packages from epel that are explicitly built with openssl11 can make use of it.
Re: Openssl 1.1.1 Centos 7.8 to get TLS1.3
I'm the packager of the openssl11-libs package, and (as others said before) it is only meant for side-by-side support, not as a drop-in replacement. Any software using it needs to be explicitly built against.
However, FEDORA-EPEL-2020-1dc525ea93 will provide Nginx 1.16.1 with TLSv1.3 support, which still maybe helps – even this thread is already half a year old.