We're running CentOS 6 here and fixed the TLSv1.2 issue with these new OSes. You're correct that using yum to install Net::SSLeay will result in not being able to use newer versions of TLS.
However, I've always used the CPAN shell to build and install perl modules. Doing this works perfectly fine and it's almost as easy as using yum. We're running Net::SSLeay v1.70 here without any problems on CentOS 6. -Christopher On 7/31/15, 9:57 AM, "Heikki Vatiainen" <[email protected]> wrote: >On 07/31/2015 12:11 PM, Nick Lowe wrote: >> Surely, the best solution is to check for the availability of the >> SSL_export_keying_material. If it is not available, disable TLS 1.2. > >This is certainly the best solution, provided Net::SSLeay version is at >least 1.46. This is the first version that allows disabling TLS 1.2 (and >TLS 1.1). > >The OpenSSL API allows creating SSL_CTX for one TLS/SSL version only, or >for all supported versions which means the undesired versions need to be >disabled separately. This is why Net:SSLeay 1.46 or more recent would be >needed. > >http://www.openssl.org/docs/ssl/SSL_CTX_new.html > >> I definitely do not think that it is a great idea to disable support >> for TLS 1.2 by default. > >We'll check what can be done. Unfortunately it looks like RHEL/CentOS 6 >won't work with TLS 1.2 out of the box because of the old Net:SSLeay. >Fortunately it appears that for more recent Net::SSLeay and OpenSSL >combinations TLS 1.1 and 1.2 can be left enabled. > >Thanks, >Heikki > >-- >Heikki Vatiainen <[email protected]> > >Radiator: the most portable, flexible and configurable RADIUS server >anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, >Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, >TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, >DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, >NetWare etc. >_______________________________________________ >radiator mailing list >[email protected] >http://www.open.com.au/mailman/listinfo/radiator _______________________________________________ radiator mailing list [email protected] http://www.open.com.au/mailman/listinfo/radiator
