I think there are to many packages dependent on openssl-9.8 libraries such as libcrypto.so.6 & libssl.so.6. by apache. These would be replaced by libcrypto.so.10 with openssl-1.0.1. There'd have to be many packages recompiled. So, I think you'll have to do the notlshost option. Sorry.

On 3/9/2018 9:40 AM, Eric Broch wrote:

This is what they look like running side by side

# find /usr -name openssl*

/usr/lib64/openssl
/usr/lib64/pkgconfig/openssl101e.pc
/usr/lib64/pkgconfig/openssl.pc
/usr/lib64/openssl101e
/usr/include/openssl
/usr/include/openssl/opensslv.h
/usr/include/openssl/opensslconf.h
/usr/include/openssl/opensslconf-i386.h
/usr/include/openssl/opensslconf-x86_64.h
/usr/include/openssl101e
/usr/include/openssl101e/openssl
/usr/include/openssl101e/openssl/opensslv.h
/usr/include/openssl101e/openssl/opensslconf.h
/usr/include/openssl101e/openssl/opensslconf-i386.h
/usr/include/openssl101e/openssl/opensslconf-x86_64.h
/usr/share/man/man1/openssl.1ssl.gz
/usr/share/man/man1/openssl101e.1.gz
/usr/share/doc/curl-devel-7.15.5/opensslthreadlock.c
/usr/share/doc/openssl101e-1.0.1e
/usr/share/doc/openssl101e-1.0.1e/openssl.txt
/usr/share/doc/openssl101e-1.0.1e/openssl_button.gif
/usr/share/doc/openssl101e-1.0.1e/openssl_button.html
/usr/share/doc/openssl-0.9.8e
/usr/share/doc/openssl-0.9.8e/openssl.txt
/usr/share/doc/openssl-0.9.8e/openssl_button.gif
/usr/share/doc/openssl-0.9.8e/openssl_button.html
/usr/bin/openssl
/usr/bin/openssl101e
/usr/lib/openssl
/usr/lib/pkgconfig/openssl101e.pc
/usr/lib/pkgconfig/openssl.pc
/usr/lib/openssl101e
/usr/lib/python2.4/site-packages/sos/plugins/openssl.pyo
/usr/lib/python2.4/site-packages/sos/plugins/openssl.pyc
/usr/lib/python2.4/site-packages/sos/plugins/openssl.py


I'm not sure why the rpm was compiled this way (not to replace the old), but I'm sure they had their reasons.



On 3/9/2018 9:22 AM, Rvaught wrote:

Ok,

Rick

*From:*Eric Broch [mailto:ebr...@whitehorsetc.com]
*Sent:* Friday, March 09, 2018 11:17 AM
*To:* qmailtoaster-list@qmailtoaster.com
*Subject:* Re: [qmailtoaster] Mail Failure

I'm not sure it will work. It installs side by side with old rpms openssl and openssl-devel. I'd try creating the notlshosts/<fqdn> first, and let me do some experimenting.

On 3/9/2018 9:14 AM, Rvaught wrote:

    Thank you, I will give this a try.

    Rick

    *From:*Eric Broch [mailto:ebr...@whitehorsetc.com]
    *Sent:* Friday, March 09, 2018 10:50 AM
    *To:* qmailtoaster-list@qmailtoaster.com
    <mailto:qmailtoaster-list@qmailtoaster.com>
    *Subject:* Re: [qmailtoaster] Mail Failure

    In fact, here's a binary

    
https://centos.pkgs.org/5/epel-x86_64/openssl101e-1.0.1e-11.el5.x86_64.rpm.html

    and the how to

     1. Download the latest epel-release rpm from

    http://dl.fedoraproject.org/pub/archive/epel/5/x86_64/

     2. Install epel-release rpm:

    # rpm -Uvh epel-release*rpm

     3. Install openssl101e rpm package:

    # yum install openssl101e

    On 3/9/2018 8:47 AM, Eric Broch wrote:

        That's the issue. TLSv1.1 & TLSv1.2 are only support in
        openssl-1.*

        You could disable TLS for this email address
        
(https://serverfault.com/questions/562234/disable-starttls-on-qmail-for-outgoing-messages).

        Or, you could upgrade manually openssl on CentOS 5
        
(https://miteshshah.github.io/linux/centos/how-to-enable-openssl-1-0-2-a-tlsv1-1-and-tlsv1-2-on-centos-5-and-rhel5/).

        Eric

        On 3/9/2018 8:30 AM, Rvaught wrote:

            Version .9.8e-33.el5_11

            *From:*Eric Broch [mailto:ebr...@whitehorsetc.com]
            *Sent:* Friday, March 09, 2018 10:26 AM
            *To:* qmailtoaster-list
            *Subject:* Re: [qmailtoaster] Mail Failure

            What version of openssl is on your host?

            # rpm -qa | grep openssl

            On 3/8/2018 11:22 AM, Rvaught wrote:

                I am getting this failure when trying to send mail to
                one email address.

                The error is TLS connect failed: error 140770FC: SSL
                routing: SSL 3_GET_SERVER_HELLO: unknown protocol. It
                appears your server wants a TLS or SSL connection or
                certificate.

                I am running a qmail toaster on Centos 5.11.

                How can I tell what version TLS I am using? The
                support person on the other end says they do not
                accept version of  lower than TLS 1.1 or 1.2.

                Thanks ,

                Rick





--
            Eric Broch

            White Horse Technical Consulting (WHTC)




--
        Eric Broch

        White Horse Technical Consulting (WHTC)




--
    Eric Broch

    White Horse Technical Consulting (WHTC)



--
Eric Broch
White Horse Technical Consulting (WHTC)

--
Eric Broch
White Horse Technical Consulting (WHTC)

--
Eric Broch
White Horse Technical Consulting (WHTC)

Reply via email to