ok thanks i will upgrade the OS, even i don't feel comfortable upgrading and
patching libraries outside the repo (hence never tried it.)The only thing i
wanted to test was if it works with the new version of openssl but even if that
is going to cause issues i will focus on upgrading the OS
Thanks bryan and lukas once again
From: Bryan Talbot <[email protected]>
To: Lukas Tribus <[email protected]>
Cc: Amol <[email protected]>; Bryan Talbot <[email protected]>; HAproxy
Mailing Lists <[email protected]>
Sent: Wednesday, May 20, 2015 1:47 PM
Subject: Re: SSL handshake failure when setting up no-tlsv10
On Wed, May 20, 2015 at 10:40 AM, Lukas Tribus <[email protected]> wrote:
> yes i figured since it is a ubuntu 10.04 machine it has old version of
> openssl
>
> so i looked around for upgrading the openssl and found this link
> https://sandilands.info/sgordon/upgrade-latest-version-openssl-on-ubuntu
>
> so can i just upgrade to openssl 1.0.1 and add it to the correct path
> and just restart the haproxy service?
Please don't.
As long as you don't *exactly* know what you are doing, ONLY use your
OS internal packaging system and don't follow tips you find on google.
This particular blog post for example makes you install a ancient version
of openssl (just look at the date of the post), with numerous issues and
bugs. Also you would very likely mess up your whole system.
Ubuntu 10.04 is EOL, you don't use an EOL'ed OS in production, period.
Upgrade to the next Ubuntu LTS edition by following the howto of your
OS vendor:
https://help.ubuntu.com/community/PreciseUpgrades
I agree with Lukas. Unless you're an expert at building and installing
customized system software, I would not recommend you do anything like that on
a server you want to be stable.
Upgrade your OS is your best option for sure.
-BryanÂ
