Hi,
I am running CentOS Linux release 7.7.1908 (Core) with the below-mentioned OpenSSL version. As per https://www.openssl.org/policies/releasestrat.html, version 1.0.2 is no longer supported.
OpenSSL Version
# openssl version
OpenSSL 1.0.2k-fips 26 Jan 2017
#
Are there any plans for the latest stable supported version of OpenSSL to be made available in the CentOS 7.x version? I look forward to hearing from you and thanks in advance.
Best Regards,
Kaushal
On 03.03.20 at 11:31, Kaushal Shriyan wrote:
> Hi,
> I am running CentOS Linux release 7.7.1908 (Core) with the below-mentioned OpenSSL version. As per https://www.openssl.org/policies/releasestrat.html, version 1.0.2 is no longer supported.
> OpenSSL Version
> # openssl version
> OpenSSL 1.0.2k-fips 26 Jan 2017
> #
> Are there any plans for the latest stable supported version of OpenSSL to be made available in the CentOS 7.x version? I look forward to hearing from you and thanks in advance.
Please consider this article:
https://access.redhat.com/security/updates/backporting/
-- Leon
On Tue, Mar 3, 2020 at 6:31 PM Leon Fauster via CentOS centos@centos.org wrote:
> Please consider this article:
> https://access.redhat.com/security/updates/backporting/
> -- Leon
> CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Hi Leon,
I have gone through the article https://access.redhat.com/security/updates/backporting/. I have a follow-up question. Do I need to wait for the OpenSSL version 1.1.1d to be available on CentOS 7.x once it is tested in the upstream RHEL 7.x version? Please correct me if I misunderstood anything. I look forward to hearing from you and thanks in advance.
Best Regards,
On Tue, Mar 03, 2020 at 07:02:40PM +0530, Kaushal Shriyan wrote:
> I have gone through the article https://access.redhat.com/security/updates/backporting/. I have a follow-up question. Do I need to wait for the OpenSSL version 1.1.1d to be available on CentOS 7.x once it is tested in the upstream RHEL 7.x version? Please correct me if I misunderstood anything. I look forward to hearing from you and thanks in advance.
To quote the article:
> We use the term backporting to describe the action of taking a fix for a security flaw out of the most recent version of an upstream software package and applying that fix to an older version of the package we distribute.
Basically, you'll likely never see version 1.1.1d in CentOS 7. Any software fixes will be backported to the version in CentOS 7, 1.0.2k.
The release will be incremented as new updates in CentOS come out, but it'll continue to be 1.0.2k until Red Hat decides to do a rebase. That doesn't happen until there are features that are needed that are too difficult to backport. There have been OpenSSL rebases mid-release (in c5 and c6 I think), and I remember it caused a lot of problems, so I don't look forward to it.
I think you need to back up and ask yourself *WHY* you are demanding the latest release of OpenSSL. Do you need features that are not available in the OpenSSL in CentOS 7? Is there an auditor saying you must have some version to be secure?
If you must have versions of OpenSSL not in CentOS 7, I suggest looking at packaging your application that uses SSL in a Docker container that has that version available. Perhaps CentOS 8 will work for you.
On Tue, Mar 3, 2020 at 7:32 PM Jonathan Billings billings@negate.org wrote:
> To quote the article:
> > We use the term backporting to describe the action of taking a fix for a security flaw out of the most recent version of an upstream software package and applying that fix to an older version of the package we distribute.
> Basically, you'll likely never see version 1.1.1d in CentOS 7. Any software fixes will be backported to the version in CentOS 7, 1.0.2k.
> The release will be incremented as new updates in CentOS come out, but it'll continue to be 1.0.2k until Red Hat decides to do a rebase. That doesn't happen until there are features that are needed that are too difficult to backport. There have been OpenSSL rebases mid-release (in c5 and c6 I think), and I remember it caused a lot of problems, so I don't look forward to it.
> I think you need to back up and ask yourself *WHY* you are demanding the latest release of OpenSSL. Do you need features that are not available in the OpenSSL in CentOS 7? Is there an auditor saying you must have some version to be secure?
> If you must have versions of OpenSSL not in CentOS 7, I suggest looking at packaging your application that uses SSL in a Docker container that has that version available. Perhaps CentOS 8 will work for you.
> -- Jonathan Billings billings@negate.org
Thanks, Jonathan and Leon, for the explanation; much appreciated.
Best Regards,
Kaushal
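
Added example, not part of the original thread and not CentOS or Red Hat tooling: because backported fixes leave the upstream version string at 1.0.2k, one way to confirm that a particular fix is present is to search the package changelog that `rpm -q --changelog openssl` prints. The changelog text, packager name, release numbers and CVE ids below are constructed placeholders, and `fixed_in` is a hypothetical helper that assumes the version-release is the last field of each `*` header line.

```shell
#!/bin/sh
# Added example. fixed_in is a hypothetical helper, not part of rpm.
# Reads `rpm -q --changelog <pkg>` output on stdin and prints the
# version-release of each changelog entry that names the given CVE id.
# Exit status: 0 if some entry names it, 1 if none does.
# Assumption: the last field of every "* date packager" header line is
# the package version-release (the usual packaging convention).
fixed_in() {
    awk -v cve="$1" '
        /^\* / { evr = $NF; next }      # new entry: remember its release
        {
            s = $0
            while ((i = index(s, cve)) > 0) {
                s = substr(s, i + length(cve))
                # Reject a longer id that merely starts with the one asked for.
                if (s !~ /^[0-9]/ && !(evr in seen)) {
                    seen[evr] = 1
                    print evr
                    found = 1
                }
            }
        }
        END { exit (found ? 0 : 1) }
    '
}

# Constructed changelog in the layout rpm prints (newest entry first).
sample_changelog() {
    cat <<'EOF'
* Tue Jan 07 2020 Example Packager <packager@example.com> 1.0.2k-99.el7
- fix CVE-0000-0002 - constructed entry

* Mon Jun 03 2019 Example Packager <packager@example.com> 1.0.2k-98.el7
- fix CVE-0000-0001 - constructed entry
- fix CVE-0000-00011 - constructed entry with a longer id

* Thu Jan 26 2017 Example Packager <packager@example.com> 1.0.2k-1.el7
- constructed initial entry
EOF
}

# The version stays 1.0.2k; only the release shows where the fix landed.
sample_changelog | fixed_in CVE-0000-0001
# On a real host: rpm -q --changelog openssl | fixed_in <CVE id>
```

A non-zero exit status means the changelog does not name that id, which is the cue to check the distribution's security advisories rather than the upstream version number.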