Please let me know if I am completely off. The version of openssl we are running is 0.9.8e-fips-rhel5 01 Jul 2008. So if we want version TLS1.1+ then we need to recompile the STUNNEL src with an updated version of openssl we are running on our server. Something higher than 0.9.8. Is that right? Is it possible to find a version that was already compiled with a higher version of openssl?

On Wed, Apr 12, 2017 at 5:49 PM, Rob Lockhart <[email protected]> wrote:

> On Wed, Apr 12, 2017 at 5:22 PM, Kenway Ng <[email protected]> wrote:
>
>> I am trying to upgrade our version of stunnel. Our SME left and now I am
>> trying to upgrade stunnel to fix a vulnerability. I am being told to use
>> TLS1.1 or higher
>>
>> $ ./stunnel -version
>>
>> stunnel 4.15 on x86_64-redhat-linux-gnu with OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
>>
>> Threading:PTHREAD SSL:ENGINE Sockets:POLL,IPv6 Auth:LIBWRAP
>
> I don't have RHEL5 64-bit but these links may help:
>
> https://miteshshah.github.io/linux/centos/how-to-enable-openssl-1-0-2-a-tlsv1-1-and-tlsv1-2-on-centos-5-and-rhel5/
>
> http://serverfault.com/questions/296765/cannot-find-ssl-libraries-when-configuring-stunnel
>
> These links involve re-compiling OpenSSL and Stunnel, in that order. I
> would opt for OpenSSL 1.0.2k (latest as of 20170412) since 1.0.1 and below
> are all EOL as of 12/31/2016. OpenSSL 0.9.8 supports only TLS v1.0,
> whereas OpenSSL 1.0.1 supports TLS v1.0, v1.1 and v1.2.
>
> -Rob

_______________________________________________
stunnel-users mailing list
[email protected]
https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
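
The check discussed in this thread, as an added example that is not part of the original messages: a shell script that reads a `stunnel -version` banner and reports whether the OpenSSL it names is at or above 1.0.1, the version the reply gives as supporting TLS v1.1 and v1.2. The function names are hypothetical, and the banner format is assumed to be the one shown in the thread.

```shell
#!/bin/sh
# Added example (not from the thread): decide from a `stunnel -version` banner
# whether the linked OpenSSL can negotiate TLS 1.1+. Function names are hypothetical.

# Print the OpenSSL version token (e.g. "0.9.8e-fips-rhel5") found in banner text on stdin.
openssl_version_from_banner() {
    sed -n 's/.*with OpenSSL \([0-9][0-9A-Za-z.-]*\).*/\1/p' | head -n 1
}

# Return 0 if version $1 is 1.0.1 or newer (threshold taken from the reply in the thread),
# 1 if it is older, 2 if it cannot be parsed.
supports_tls11_plus() {
    # Keep only the numeric part: "0.9.8e-fips-rhel5" -> "0.9.8"
    nums=$(printf '%s\n' "$1" | sed 's/^\([0-9]*\.[0-9]*\.[0-9]*\).*/\1/')
    major=${nums%%.*}; rest=${nums#*.}
    minor=${rest%%.*}; fix=${rest#*.}
    case "$major$minor$fix" in
        ''|*[!0-9]*) return 2 ;;
    esac
    [ $(( $major * 10000 + $minor * 100 + $fix )) -ge 10001 ]
}

# Read a banner on stdin and print a one-line verdict.
check_banner() {
    ver=$(openssl_version_from_banner)
    if [ -z "$ver" ]; then
        echo "unknown: no OpenSSL version in banner"; return 2
    fi
    if supports_tls11_plus "$ver"; then
        echo "ok $ver"
    else
        echo "rebuild $ver"
    fi
}

# Banner copied from the thread; on a real host: ./stunnel -version 2>&1 | check_banner
printf '%s\n' 'stunnel 4.15 on x86_64-redhat-linux-gnu with OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008' | check_banner
```

An "ok" verdict only shows that the library is capable of TLS 1.1+; confirm what the service actually negotiates after the rebuild.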
