[clue] RHEL 5.6 and OpenSSL questions

Sean LeBlanc seanleblanc at comcast.net
Sat Sep 5 18:23:21 MDT 2015 

Thanks, I figured as much, and actually the recommendation I gave is to 
upgrade/migrate. I just wanted to do a bit more checking around before 
we end up pulling the trigger on that, since it will be something that 
takes a bit of time (not so much the doing itself, but the dealing with 
any broken dependencies and/or checking that everything works after).

I'd be all for going off the beaten path (compiling my own, adding other 
repos that might have it, etc., switching to GnuTLS, libressl, etc...), 
but for these systems, the more conservative/vendor-supported option 
seems to be the right way to go...

Oh, and for what it's worth - the version of OpenSSL didn't have 
Heartbleed problem...


On 9/5/15 5:24 PM, Mike Nolte wrote:
> As you seem to know, the short answer is that you probably can't do it 
> without breaking packaging, at least a li'l.  The longer answer 
> depends on what else is installed on the machine and reliant on 
> OpenSSL.  You'd ultimately have to compile from source.  You could 
> make a package from that compilation, and you could even set the 
> version on the package to fool other packages into believing that it 
> isn't the version that it is.  Applications may well break, though.  
> It all depends on the ones that you care about and how they operate. 
> On the bright side, you're immune to Heartbleed!
>
> Now, the obvious question: why not upgrade/migrate?
>
> On Sat, Sep 5, 2015 at 11:27 AM, Sean LeBlanc <seanleblanc at comcast.net 
> <mailto:seanleblanc at comcast.net>> wrote:
>
>     I was wondering if anyone here has any advice on upgrading OpenSSL on
>     RHEL 5.6 w/o updating to a newer RHEL version (5.x or 6.x or something
>     else)?
>
>     It seems RHEL 5.6, at least w/o going off the vendor reservation,
>     tracks
>     0.9.8 something (e?), and RH backports security fixes, from what I
>     can tell.
>
>     It'd be nice to get TLS 1.2 especially, but I'm not sure how easy that
>     is w/o doing a broader upgrade.
>
>     _______________________________________________
>     clue mailing list: clue at cluedenver.org <mailto:clue at cluedenver.org>
>     For information, account preferences, or to unsubscribe see:
>     http://cluedenver.org/mailman/listinfo/clue
>
>
>
>
> _______________________________________________
> clue mailing list: clue at cluedenver.org
> For information, account preferences, or to unsubscribe see:
> http://cluedenver.org/mailman/listinfo/clue

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://cluedenver.org/pipermail/clue/attachments/20150905/dc2bd1c4/attachment.html

More information about the clue mailing list