Openssl 1.1.1 Centos 7.8 to get TLS1.3
Openssl 1.1.1 Centos 7.8 to get TLS1.3
Hello,
I would like to set TLS1.3 for ningx, so I've just intalled the new EPEL package openssl11-libs
But I've still the base package openssl.x86_64 1:1.0.2k-19.el7 (cf. image), which is still the default openssl version ( # openssl version)
Can I remove openssl 1.0.2k ? openssl11-libs will become the new default or I have something to do ?
And after that, is it possible to update nginx (I have version 1.18) (with nginx repo of course) with the new openssl 1.1.1 ?
Thank you in advance for your help
I would like to set TLS1.3 for ningx, so I've just intalled the new EPEL package openssl11-libs
But I've still the base package openssl.x86_64 1:1.0.2k-19.el7 (cf. image), which is still the default openssl version ( # openssl version)
Can I remove openssl 1.0.2k ? openssl11-libs will become the new default or I have something to do ?
And after that, is it possible to update nginx (I have version 1.18) (with nginx repo of course) with the new openssl 1.1.1 ?
Thank you in advance for your help
- Attachments
-
- Capture.PNG (6.64 KiB) Viewed 23731 times
Re: Openssl 1.1.1 Centos 7.8 to get TLS1.3
Only if you want to render your system unworkable.Can I remove openssl 1.0.2k ?
The offical RH position is that if you want TLS 1.3 then you should use RHEL 8.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Re: Openssl 1.1.1 Centos 7.8 to get TLS1.3
The two openssl versions are incompatible, neither can replace the other. The nginx package from the official repo is linked against the system version of openssl.
Re: Openssl 1.1.1 Centos 7.8 to get TLS1.3
Thank you for your replies.
Unfortunately, it remains painful to upgrade to Centos 8.
In my mind, there is no easy way to do it and I have to reinstall all my server and applications, a big work Im' not ready to do until my hardware fail.
Perhaps you know a easy way to upgrade without destroy all my data and applications ?
Thank you in advance for yours advices
Unfortunately, it remains painful to upgrade to Centos 8.
In my mind, there is no easy way to do it and I have to reinstall all my server and applications, a big work Im' not ready to do until my hardware fail.
Perhaps you know a easy way to upgrade without destroy all my data and applications ?
Thank you in advance for yours advices
Last edited by Tofou17 on 2020/05/13 20:38:19, edited 1 time in total.
Re: Openssl 1.1.1 Centos 7.8 to get TLS1.3
Epel's openssl11 package is quite new. I didn't even know about it. The only packages in epel that already use it are opensmtpd and rpki-client. You could suggest a rebuild of epel's nginx via bugzilla.
Re: Openssl 1.1.1 Centos 7.8 to get TLS1.3
Thank you chemal for your suggestion.
Re: Openssl 1.1.1 Centos 7.8 to get TLS1.3
Any updates on this? OpenSSL 1.1.1 is not taking as latest on Centos7.7
I installed the package from EPEL Repo
[root@server ~]# cat /etc/redhat-release
CentOS Linux release 7.7.1908 (Core)
[root@server ~]# rpm -qa | grep openssl
openssl11-1.1.1c-2.el7.x86_64
openssl-libs-1.0.2k-19.el7.x86_64
openssl11-libs-1.1.1c-2.el7.x86_64
openssl-1.0.2k-19.el7.x86_64
xmlsec1-openssl-1.2.20-7.el7_4.x86_64
openssl-devel-1.0.2k-19.el7.x86_64
openssl098e-0.9.8e-29.el7.centos.3.x86_64
[root@server ~]# openssl version
OpenSSL 1.0.2k-fips 26 Jan 2017
I installed the package from EPEL Repo
[root@server ~]# cat /etc/redhat-release
CentOS Linux release 7.7.1908 (Core)
[root@server ~]# rpm -qa | grep openssl
openssl11-1.1.1c-2.el7.x86_64
openssl-libs-1.0.2k-19.el7.x86_64
openssl11-libs-1.1.1c-2.el7.x86_64
openssl-1.0.2k-19.el7.x86_64
xmlsec1-openssl-1.2.20-7.el7_4.x86_64
openssl-devel-1.0.2k-19.el7.x86_64
openssl098e-0.9.8e-29.el7.centos.3.x86_64
[root@server ~]# openssl version
OpenSSL 1.0.2k-fips 26 Jan 2017
Re: Openssl 1.1.1 Centos 7.8 to get TLS1.3
The package from EPEL is not a replacement for the system openssl.
For the system openssl, it's entirely up to Red Hat as to whether they rebase it to 1.1.x but I suspect it's incredibly unlikely given that last time they rebased openssl (CentOS 6.5, Dec 2013) they broke so many things very badly. It was not a good experience.
For the system openssl, it's entirely up to Red Hat as to whether they rebase it to 1.1.x but I suspect it's incredibly unlikely given that last time they rebased openssl (CentOS 6.5, Dec 2013) they broke so many things very badly. It was not a good experience.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Re: Openssl 1.1.1 Centos 7.8 to get TLS1.3
Any suggestions on how to upgrade OpenSSL1.1.1 on Centos7.7? We wanted to disable weak ciphers at CentOS Operating System level. With this current version, we need to manage these things through services like Apache/Nginix or any other application services.
Please advise !
Please advise !
Re: Openssl 1.1.1 Centos 7.8 to get TLS1.3
If you're concerned about security, then you may want to update to 7.8.