Wondering how I can effectively disable SSLv3 n TLSv1 from rhel5.11 Apache web server?
Sent from my iPhone > On Mar 17, 2015, at 8:48 AM, Fernando Lozano <[email protected]> wrote: > > Hi Versha, >> >> Brief context from our side: >> We are basically using RHEL6 for our build infrastructure, and as a part of >> Vulnerability management we found that Subversion1.6 is no longer supported >> by Apache and we need to upgrade it to a higher version like 1.7 or 1.8 . >> That is why I was looking forward for some authentic information to proceed >> with a proper reason in this area. > Subversion 1.6 may not be supported anymore by Apache Foundation, but it is > supported by Red Hat itself. If there's any security or stability fix > released for newer Subversion, Red Hat has a contractual agreement with you > to backport those fixes to the older Subversion included in RHEL. This is > part of your subscription. > > From a legal standpoint Red Hat support is better than Apache support because > the first is assured by a contract (your subscription agreement) and comes > with well defined SLA terms. Apache support provides no assurances. Do you > have a support contract with Apache Foundation? You as a Red Hat customer can > open support tickets for subversion and Red Hat may well develop fixes and > patches itself, before Apache. Those patches will later be submitted to > Apache so they become part of the upstream Subversion. > > You can check if you downloaded the lastest Subversion updated released by > Red Hat and use: > # rpm -i --changelog subversion | grep -i cve > to look for specific vulnerabilities fixed and so you can prove you already > have vulnerabilities fixed by newer Subversion from Apache. > >> >> Also, do you have any idea when Redhat is going to have a higher version of >> apache Subversion in near future? J > As someone already explained, the stability / compability / certification > assurance from your RHEL subscription implies Red Hat will only update major > versions of most packages on a new RHEL series. So you'd have to move to > RHEL7 if you really need a newer subversion, but If your problem is just > satisfying a security audit you should be fine with RHEL6 updates. > > Someone also already explained you can get a (free?) subscription to software > collections to get newer releases for some packages, but I don't know if > those include Subversion and if those are subject to the same support terms > as regular RHEL packages. > > > []s, Fernando Lozano > > -- > redhat-sysadmin-list mailing list > [email protected] > https://www.redhat.com/mailman/listinfo/redhat-sysadmin-list
-- redhat-sysadmin-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/redhat-sysadmin-list
