On 10/22/2015 07:18 AM, Nick Bright wrote:
> Greetings,
>
> I'm working with a new CentOS 7 installation, moving a system up from
> CentOS 5 due to OpenSSL version 0.9.8e not meeting PCI Compliance
> requirements.
>
> However, while setting up the CentOS 7 environment one of the closed
> source applications is requiring 0.9.8. The software vendor has advised
> installing package openssl098e from yum; but I'm hesitant to do so from
> a compliance and security perspective.
>
> What are the implications of this compatibility package? What does it
> provide/do?

openssl098e appears to be parallel-installable, that is you can safely install both it and openssl on the same system and they should not clash.

As others have stated since it's supported by RedHat it will get backports of security fixes for some time to come, although it will likely not be PCI compliant because (I think, could be wrong here) it won't support TLS1.1 or 1.2.

You can install it, restart apache and then easily check to see if it's affecting apache by using openssl s_client to attempt a TLS1.2 connection to your web server, then if that works run the tests at https://www.ssllabs.com/ssltest/index.html, that should tell you everything you need to know.

Peter
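
The s_client check suggested in the reply above, as an added example that is not part of the original message: a small shell helper that decides from `openssl s_client` output whether TLS 1.2 was really negotiated. The function names and the sample outputs are constructed for illustration, and the parsing assumes the SSL-Session block layout printed by OpenSSL 1.0.x.

```shell
#!/bin/sh
# Added example: judge `openssl s_client` output for a real TLS 1.2 session.
# Assumes the SSL-Session block layout printed by OpenSSL 1.0.x s_client.

# Read s_client output on stdin; succeed only if the session protocol is
# TLSv1.2 AND a real cipher was agreed. A failed handshake still prints
# "Protocol  : TLSv1.2" (the version requested) with "Cipher    : 0000".
tls12_negotiated() {
    awk '
        /^[ \t]*Protocol[ \t]*:/ { proto = $NF }
        /^[ \t]*Cipher[ \t]*:/   { cipher = $NF }
        END { ok = (proto == "TLSv1.2" && cipher != "" && cipher != "0000")
              exit !ok }
    '
}

# Live check; host and port are supplied by the caller.
check_server() {
    host=$1; port=${2:-443}
    openssl s_client -connect "$host:$port" -tls1_2 </dev/null 2>/dev/null |
        tls12_negotiated
}

# Constructed sample: handshake completed with TLS 1.2.
sample_ok() {
    cat <<'EOF'
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384
EOF
}

# Constructed sample: server could not do TLS 1.2, handshake failed.
sample_failed() {
    cat <<'EOF'
New, (NONE), Cipher is (NONE)
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : 0000
EOF
}

for s in sample_ok sample_failed; do
    if $s | tls12_negotiated; then echo "$s: TLS 1.2 negotiated"
    else echo "$s: TLS 1.2 NOT negotiated"; fi
done
```

Checking the cipher as well as the protocol line matters because grepping for `Protocol  : TLSv1.2` alone reports success on a failed handshake.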