[CentOS] Centos 5 & tls v1.2, v1.1

Peter peter at pajamian.dhs.org
Fri Apr 17 11:40:46 UTC 2015


On 04/17/2015 11:20 PM, Eero Volotinen wrote:
> Yep, maybe using ssl offloading devices like (BigIP) that receives tls1.2
> and tlsv1.2 and then re-encrypts traffic with tls1.0 might be "cheapest"
> solution.

Perhaps re-evaluate the need to have TLS 1.1 and 1.2 right now.  The
only attack against 1.0 that I'm aware of is BEAST and that has been
largely mitigated by browser-side fixes to the point where TLS 1.0 is
now considered to be safe.  No doubt there will in time be other attacks
that necessitate an upgrade, but for now I would just stick with the
version of openssl and apache that comes with CentOS 5 and focus on
moving to CentOS 6 or 7 as a medium (not long) term goal.  At the end of
the day I think it's better to just go this route than have to deal with
the hacky solutions for getting 1.1 and 1.2 out of CentOS 5.


Peter


