Thanks Rob. Appreciate the information.

On Thu, Apr 13, 2017, 4:28 PM Rob Lockhart <[email protected]> wrote:

> According to this:
> https://access.redhat.com/support/policy/updates/errata
>
> RHEL5 is out of support as of 3/31/2017 for patches, except for security
> patching. No new features will be added to RHEL5, to include TLS v1.1
> support (requires OpenSSL 1.0.x).
>
> First compile OpenSSL 1.0.2 (in a different path), then compile Stunnel
> (5.41) using the /usr/local for the prefix (per previous links), and
> perhaps some other switches too (based on info from those URLs).
>
> From the links I found, you can have multiple versions of OpenSSL, but you
> have to link to one when compiling Stunnel. The one you choose when
> compiling Stunnel will want to be the newer one you compiled. IMHO, I would
> migrate your RHEL5 to RHEL6 or RHEL7, but that may be considerably more
> difficult than just compiling OpenSSL and Stunnel.
>
> -Rob
>
> On Thu, Apr 13, 2017 at 4:15 PM, Kenway Ng <[email protected]> wrote:
>
>> Please let me know if I am completely off. The version of openssl we are
>> running is 0.9.8e-fips-rhel5 01 Jul 2008. So if we want version TLS1.1+
>> then we need to recompile the STUNNEL src with an updated version of
>> openssl we are running on our server. Something higher than 0.9.8. Is
>> that right? Is it possible to find a version that was already compiled
>> with a higher version of openssl?
>>
>> On Wed, Apr 12, 2017 at 5:49 PM, Rob Lockhart <[email protected]> wrote:
>>
>>> On Wed, Apr 12, 2017 at 5:22 PM, Kenway Ng <[email protected]> wrote:
>>>
>>>> I am trying to upgrade our version of stunnel. Our SME left and now I
>>>> am trying to upgrade stunnel to fix a vulnerability. I am being told to
>>>> use TLS1.1 or higher
>>>>
>>>> $ ./stunnel -version
>>>>
>>>> stunnel 4.15 on x86_64-redhat-linux-gnu with OpenSSL 0.9.8e-fips-rhel5
>>>> 01 Jul 2008
>>>>
>>>> Threading:PTHREAD SSL:ENGINE Sockets:POLL,IPv6 Auth:LIBWRAP
>>>
>>> I don't have RHEL5 64-bit but these links may help:
>>>
>>> https://miteshshah.github.io/linux/centos/how-to-enable-openssl-1-0-2-a-tlsv1-1-and-tlsv1-2-on-centos-5-and-rhel5/
>>>
>>> http://serverfault.com/questions/296765/cannot-find-ssl-libraries-when-configuring-stunnel
>>>
>>> These links involve re-compiling OpenSSL and Stunnel, in that order. I
>>> would opt for OpenSSL 1.0.2k (latest as of 20170412) since 1.0.1 and below
>>> are all EOL as of 12/31/2016. OpenSSL 0.9.8 supports only TLS v1.0,
>>> whereas OpenSSL 1.0.1 supports TLS v1.0, v1.1 and v1.2.
>>>
>>> -Rob
>
> _______________________________________________
> stunnel-users mailing list
> [email protected]
> https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
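
A check to run after the rebuild discussed in this thread, added here as an example that is not from any of the posters or from the stunnel project: it reads the `stunnel -version` banner and reports whether the OpenSSL that the binary is linked against is 1.0.1 or later, the threshold the thread gives for TLS v1.1/v1.2. The function names, the second banner, and the install path in the last comment are assumptions.

```shell
#!/bin/sh
# Added example: decide from a `stunnel -version` banner whether the linked
# OpenSSL can offer TLS 1.1+ (per the thread: 0.9.8 = TLS 1.0 only,
# 1.0.1 and later = TLS 1.0/1.1/1.2). Function names are hypothetical.

# Print the OpenSSL version token from the banner (empty if none found).
openssl_version_from_banner() {
    printf '%s\n' "$1" |
        sed -n 's/^stunnel .* with OpenSSL \([^ ]*\).*$/\1/p' | head -n 1
}

# Return 0 if version >= 1.0.1, 1 if older, 2 if it cannot be parsed.
supports_tls11_plus() {
    # Keep the leading digits and dots: "0.9.8e-fips-rhel5" -> "0.9.8".
    num=$(printf '%s' "$1" | sed 's/^\([0-9][0-9.]*\).*$/\1/')
    case $num in
        ''|[!0-9]*|*[!0-9.]*) return 2 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $num            # split into major, minor, patch
    IFS=$old_ifs
    [ $(( ${1:-0} * 10000 + ${2:-0} * 100 + ${3:-0} )) -ge 10001 ]
}

# Report on one banner; non-zero exit status means "do not deploy this binary".
check_banner() {
    ver=$(openssl_version_from_banner "$1")
    if supports_tls11_plus "$ver"; then
        echo "OK: linked against OpenSSL $ver, TLS 1.1/1.2 available"
    else
        echo "FAIL: linked against OpenSSL '${ver:-not found}', TLS 1.0 only or unknown"
        return 1
    fi
}

# Banner quoted in the thread, then a constructed banner for a rebuilt binary.
OLD='stunnel 4.15 on x86_64-redhat-linux-gnu with OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008'
NEW='stunnel 5.41 on x86_64-redhat-linux-gnu with OpenSSL 1.0.2k 26 Jan 2017'
check_banner "$OLD" || true
check_banner "$NEW"
# On a real host (path assumed): check_banner "$(/usr/local/bin/stunnel -version 2>&1)"
```

Because several OpenSSL versions can coexist on the host, the banner of the rebuilt binary is the thing to check, not the output of the system `openssl version` command.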
