[CentOS] Centos 5 & tls v1.2, v1.1

Fri Apr 17 11:15:27 UTC 2015
Johnny Hughes <johnny at centos.org>

On 04/16/2015 05:00 PM, Eero Volotinen wrote:
> in fact: modgnutls provides an easy way to get tlsv1.2 to rhel 5
> 
> --
> Eero
>

If you do that, then you are at the mercy of Mr. Bergmann to provide
updates for all security issues for openssl.  Has he updated his RPMs
since 2014-11-19 23:57:58?  Does his patch work on the latest
RHEL/CentOS EL5 openssl-0.9.8 package?

The answer right now for him providing newer packages is, I have no
idea.  His repo
(http://www.tuxad.de/blog/archives/2014/12/07/yum_repository_for_rhel__centos_5/index.html)
does not seem to be available:
====================================================================
Attempted reposync:

Error setting up repositories: failure: repodata/repomd.xml from tuxad:
[Errno 256] No more mirrors to try.
http://www.tuxad.com/repo/5/x86_64/tuxad/repodata/repomd.xml: [Errno 14]
HTTP Error 404 - Not Found
====================================================================

Red Hat chose not to turn on those ciphers in RHEL-5 (the ones in his
patches) .. doing so is not at all certified as safe, nor has it been
tested by anyone that I can see (other than in that blog entry).  It
might be fine .. it might not be.

People can make any choice that they want, but I would be looking to
upgrade to at least CentOS-6 at this point if I wanted newer TLS support
and not depending on one person to provide packages (or patches) of this
importance for all my EL5 machines.  But, that is just me.

Please note, I have no idea who Mr. Bergmann is and I am not in any way
being negative about those packages and patches .. they are extremely
nice and seem to work.  However, I cannot see the rest of his repo
right now and I would not trust MY production machines to a one-person
operation with something as important as openssl.

Thanks,
Johnny Hughes



> 2015-04-16 21:02 GMT+03:00 Eero Volotinen <eero.volotinen at iki.fi>:
> 
>> well. this hack solution might work:
>> http://www.tuxad.de/blog/archives/2014/11/19/openssl_updatesenhancements_for_rhel__centos_5/index.html
>>
>> --
>> Eero
>>
>> 2015-04-16 17:30 GMT+03:00 Leon Fauster <leonfauster at googlemail.com>:
>>
>>> On 16.04.2015 at 11:46, Leon Fauster <leonfauster at googlemail.com> wrote:
>>>> On 16.04.2015 at 11:43, Eero Volotinen <eero.volotinen at iki.fi> wrote:
>>>>> Is there any nice way to get tlsv1.2 support to centos 5?
>>>>> upgrading os to 6 is not an option available.
>>>>
>>>>
>>>> Unfortunately not.
>>>
>>>
>>> https://bugzilla.redhat.com/show_bug.cgi?id=1066914
>>>
>>> --
>>> LF

