Openssl 1.1.1 Centos 7.8 to get TLS1.3

Issues related to applications and software problems
User avatar
TrevorH
Forum Moderator
Posts: 29137
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Openssl 1.1.1 Centos 7.8 to get TLS1.3

Post by TrevorH » 2020/07/06 14:21:56

You cannot and should not update openssl on CentSO 7 to 1.1.1. It will break.
CentOS 6 will die in November 2020 - migrate sooner rather than later!
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 is dead, do not use it.
Full time Geek, part time moderator. Use the FAQ Luke

jochen
Posts: 16
Joined: 2012/01/18 10:19:01
Contact:

Re: Openssl 1.1.1 Centos 7.8 to get TLS1.3

Post by jochen » 2020/07/07 10:18:26

TrevorH wrote:
2020/06/23 15:38:00
The package from EPEL is not a replacement for the system openssl.

For the system openssl, it's entirely up to Red Hat as to whether they rebase it to 1.1.x but I suspect it's incredibly unlikely given that last time they rebased openssl (CentOS 6.5, Dec 2013) they broke so many things very badly. It was not a good experience.
Okay, that's understood. But, perhaps it can be installed side-by-side with the system openssl? And, if so, I could advise the Apache httpd (or some other consumer) to use it, rather than the system openssl?

User avatar
jlehtone
Posts: 2934
Joined: 2007/12/11 08:17:33
Location: Finland

Re: Openssl 1.1.1 Centos 7.8 to get TLS1.3

Post by jlehtone » 2020/07/07 10:58:37

It does look like the EPEL openssl11 will not replace system packages; it does install "side-by-side". Unique package- and filenames.

chemal
Posts: 682
Joined: 2013/12/08 19:44:49

Re: Openssl 1.1.1 Centos 7.8 to get TLS1.3

Post by chemal » 2020/07/07 14:03:26

jochen wrote:
2020/07/07 10:18:26
And, if so, I could advise the Apache httpd (or some other consumer) to use it, rather than the system openssl?
The two versions are incompatible. What was built with the system's openssl cannot be "advised" to use epel's openssl11. Only packages from epel that are explicitly built with openssl11 can make use of it.

Post Reply

Return to “CentOS 7 - Software Support”