[clue] RHEL 5.6 and OpenSSL questions
Sean LeBlanc
seanleblanc at comcast.net
Sat Sep 5 18:23:21 MDT 2015
Thanks, I figured as much, and actually the recommendation I gave is to
upgrade/migrate. I just wanted to do a bit more checking around before
we end up pulling the trigger on that, since it will be something that
takes a bit of time (not so much the doing itself, but the dealing with
any broken dependencies and/or checking that everything works after).
I'd be all for going off the beaten path (compiling my own, adding other
repos that might have it, etc., switching to GnuTLS, libressl, etc...),
but for these systems, the more conservative/vendor-supported option
seems to be the right way to go...
Oh, and for what it's worth - the version of OpenSSL didn't have
Heartbleed problem...
On 9/5/15 5:24 PM, Mike Nolte wrote:
> As you seem to know, the short answer is that you probably can't do it
> without breaking packaging, at least a li'l. The longer answer
> depends on what else is installed on the machine and reliant on
> OpenSSL. You'd ultimately have to compile from source. You could
> make a package from that compilation, and you could even set the
> version on the package to fool other packages into believing that it
> isn't the version that it is. Applications may well break, though.
> It all depends on the ones that you care about and how they operate.
> On the bright side, you're immune to Heartbleed!
>
> Now, the obvious question: why not upgrade/migrate?
>
> On Sat, Sep 5, 2015 at 11:27 AM, Sean LeBlanc <seanleblanc at comcast.net
> <mailto:seanleblanc at comcast.net>> wrote:
>
> I was wondering if anyone here has any advice on upgrading OpenSSL on
> RHEL 5.6 w/o updating to a newer RHEL version (5.x or 6.x or something
> else)?
>
> It seems RHEL 5.6, at least w/o going off the vendor reservation,
> tracks
> 0.9.8 something (e?), and RH backports security fixes, from what I
> can tell.
>
> It'd be nice to get TLS 1.2 especially, but I'm not sure how easy that
> is w/o doing a broader upgrade.
>
> _______________________________________________
> clue mailing list: clue at cluedenver.org <mailto:clue at cluedenver.org>
> For information, account preferences, or to unsubscribe see:
> http://cluedenver.org/mailman/listinfo/clue
>
>
>
>
> _______________________________________________
> clue mailing list: clue at cluedenver.org
> For information, account preferences, or to unsubscribe see:
> http://cluedenver.org/mailman/listinfo/clue
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://cluedenver.org/pipermail/clue/attachments/20150905/dc2bd1c4/attachment.html
More information about the clue
mailing list