<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">Thanks, I figured as much, and actually
the recommendation I gave is to upgrade/migrate. I just wanted to
do a bit more checking around before we end up pulling the trigger
on that, since it will be something that takes a bit of time (not
so much the doing itself, but the dealing with any broken
dependencies and/or checking that everything works after).<br>
<br>
I'd be all for going off the beaten path (compiling my own, adding
other repos that might have it, etc., switching to GnuTLS,
libressl, etc...), but for these systems, the more
conservative/vendor-supported option seems to be the right way to
go...<br>
<br>
Oh, and for what it's worth - the version of OpenSSL didn't have
Heartbleed problem...<br>
<br>
<br>
On 9/5/15 5:24 PM, Mike Nolte wrote:<br>
</div>
<blockquote
cite="mid:CAFVPvb-pO993utZuZWBCe2bVgL4i=LUyaLgTqwcpK6CsPUrLVg@mail.gmail.com"
type="cite">
<div dir="ltr">As you seem to know, the short answer is that you
probably can't do it without breaking packaging, at least a
li'l. The longer answer depends on what else is installed on
the machine and reliant on OpenSSL. You'd ultimately have to
compile from source. You could make a package from that
compilation, and you could even set the version on the package
to fool other packages into believing that it isn't the version
that it is. Applications may well break, though. It all
depends on the ones that you care about and how they operate.
On the bright side, you're immune to Heartbleed!
<div><br>
</div>
<div>Now, the obvious question: why not upgrade/migrate?</div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Sat, Sep 5, 2015 at 11:27 AM, Sean
LeBlanc <span dir="ltr"><<a moz-do-not-send="true"
href="mailto:seanleblanc@comcast.net" target="_blank">seanleblanc@comcast.net</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">I was
wondering if anyone here has any advice on upgrading OpenSSL
on<br>
RHEL 5.6 w/o updating to a newer RHEL version (5.x or 6.x or
something<br>
else)?<br>
<br>
It seems RHEL 5.6, at least w/o going off the vendor
reservation, tracks<br>
0.9.8 something (e?), and RH backports security fixes, from
what I can tell.<br>
<br>
It'd be nice to get TLS 1.2 especially, but I'm not sure how
easy that<br>
is w/o doing a broader upgrade.<br>
<br>
_______________________________________________<br>
clue mailing list: <a moz-do-not-send="true"
href="mailto:clue@cluedenver.org">clue@cluedenver.org</a><br>
For information, account preferences, or to unsubscribe see:<br>
<a moz-do-not-send="true"
href="http://cluedenver.org/mailman/listinfo/clue"
rel="noreferrer" target="_blank">http://cluedenver.org/mailman/listinfo/clue</a><br>
</blockquote>
</div>
<br>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
clue mailing list: <a class="moz-txt-link-abbreviated" href="mailto:clue@cluedenver.org">clue@cluedenver.org</a>
For information, account preferences, or to unsubscribe see:
<a class="moz-txt-link-freetext" href="http://cluedenver.org/mailman/listinfo/clue">http://cluedenver.org/mailman/listinfo/clue</a></pre>
</blockquote>
<br>
</body>
</html>