Update OpenSSL to support TLS 1.2

Issues related to software problems.
Post Reply
average_centos_user
Posts: 2
Joined: 2016/04/15 23:27:12

Update OpenSSL to support TLS 1.2

Post by average_centos_user » 2016/04/15 23:42:45

Hi everyone.

I (and I'm sure several others) are in a predicament caused by CentOS 5 and PayPal.

According to https://www.paypal-knowledge.com/infoce ... cale=en_US, "PayPal is updating its services to require TLS 1.2 for all HTTPS connections". This is great, except for those of us still using CentOS 5 because our repositories only have OpenSSL 0.9.8e which does not support TLS 1.2. Essentially, once June rolls around, we can no longer use PayPal.

The obvious answer is to update to CentOS 7, however we don't have that luxury until mid-November. There's nothing I can do about that.

I have read that it's possible to build OpenSSL from source and possibly have it work, but that could lead to disasters elsewhere in the OS. I'm not willing to take that risk.

My question is, will CentOS 5 receive an OpenSSL update before June that will add support for TLS 1.2? Support for CentOS 5 doesn't end until March 31st, 2017, so I'm hoping something can be done for those of us that have no other choice but use CentOS 5.

Thanks!

User avatar
TrevorH
Forum Moderator
Posts: 23176
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Update OpenSSL to support TLS 1.2

Post by TrevorH » 2016/04/16 02:14:50

will CentOS 5 receive an OpenSSL update before June that will add support for TLS 1.2?
You would have to ask Redhat about that since CentOS just rebuilds what is in RHEL. Having said that, since RHEL5 is in production phase 3 where nothing is changed except critical and important security updates, I very much doubt it.

You would probably find it easier to migrate to CentOS 6 since that is more similar to 5.
CentOS 5 died in March 2017 - migrate NOW!
Full time Geek, part time moderator. Use the FAQ Luke

average_centos_user
Posts: 2
Joined: 2016/04/15 23:27:12

Re: Update OpenSSL to support TLS 1.2

Post by average_centos_user » 2016/04/16 02:46:47

Oh. That's unfortunate, but I suspected as much. This is going to be interesting.

Thanks for the reply, Trevor!

aks
Posts: 2529
Joined: 2014/09/20 11:22:14

Re: Update OpenSSL to support TLS 1.2

Post by aks » 2016/04/16 18:19:31

Just additional info, TLS1.2 since CentOS 6.5 (according to https://access.redhat.com/blogs/766093/posts/1976123)

lollerskates
Posts: 1
Joined: 2018/01/22 15:48:03

Re: Update OpenSSL to support TLS 1.2

Post by lollerskates » 2018/01/22 17:37:19

I know this thread is a year old, but for anyone googling: you can setup an nginx proxy_pass server on a cheap VPS to sit between your Centos 5 box and the TLS 1.2 API

I didn't test with paypal API, but I tested with another API that requires TLS 1.2 and it worked beautifully. Nginx accepts HTTP/HTTPS from the CentOS 5 box and forwards it to the API server, and transfers the reply back to your box.

https://serverfault.com/questions/84860 ... 106#893106

User avatar
TrevorH
Forum Moderator
Posts: 23176
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Update OpenSSL to support TLS 1.2

Post by TrevorH » 2018/01/22 20:32:28

No-one that cares one iota about security should be using CentOS 5 at all. It's been out of maintenance for nearly one year and is already accumulating enough serious security defects that make it untenable for production use.

If you run CentOS 5, please note: it is dead. Migrate NOW to something that still gets support.
CentOS 5 died in March 2017 - migrate NOW!
Full time Geek, part time moderator. Use the FAQ Luke

Post Reply