Thanks everyone for the help, does anybody know if RHEL5 with version 0.98e of openssl has a fix for TLS/SSL renegotiation vulnerability?
On Thu, Apr 24, 2014 at 7:40 AM, Hubert Kario <[email protected]> wrote: > ----- Original Message ----- > > > From: "Shruti Palshikar" <[email protected]> > > To: [email protected] > > Sent: Wednesday, 23 April, 2014 5:50:45 PM > > Subject: Upgrading OpenSSL on RHEL5 > > > Hello, > > > I am trying to upgrade my openSSL version on RHEL5. WHen I tried to > update it > > using yum commad (it kept pausing with the messages - No packages marked > for > > update) I found out that this was not installed from the source but was > > present along with RHEL in the /usr directory. Following are some helpful > > commands to give you an idea of the machine and openSSL I am using > > OpenSSL version shipped in RHEL 5 is the newest version that's compatible > with > other applications and tools shipped in this RHEL version. It does have all > the important bug fixes and security fixes backported (if you think it is > missing something, please contact us through Customer Portal). > > If you want to have a newer openssl version (e.g. to have support for > AES-GCM or > TLS1.2), you will have to upgrade to newer RHEL release (6.5). > > If you need only a single application to support newer cryptography, you > shouldn't replace the system version of openssl with version 1.0.x or > you will most likely break your install. > > -- > Regards, > Hubert Kario > BaseOS QE Security team > Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > Development Mailing List [email protected] > Automated List Manager [email protected] > -- Thanks, Shruti Palshikar 617 784 8358 BuysideFX<https://app.getsignals.com/link?url=http%3A%2F%2Fwww.buysidefx.com%2F&ukey=agxzfnNpZ25hbHNjcnhyFAsSC1VzZXJQcm9maWxlGLr_3AMM&k=a1b9ff13b42c4509a0ed70bae764a41a> *Solving foreign exchange problems * *for institutional money managers*
