I backported the redhat/centos 6.x OpenSSL rpm package to 5.x. It is running fine on centos 5 32bits. I can provide you the source rpm and you can recompile on your 64bit Os.
Saludos Jose Alfredo Diaz Cerrejón > On Apr 13, 2017, at 5:08 PM, Rob Lockhart <[email protected]> wrote: > > One more good link: > https://wiki.openssl.org/index.php/Compilation_and_Installation > Be sure to read the parts about the --prefix and --openssldir compiler > directives. The FIPS mode puts restrictions on some keys (prohibiting weak > ones), but IIRC you can do the same with proper config files too. > > Good luck! > >> On Thu, Apr 13, 2017 at 5:32 PM, Kenway Ng <[email protected]> wrote: >> Thanks Rob. Appreciate the information. >> >>> On Thu, Apr 13, 2017, 4:28 PM Rob Lockhart <[email protected]> wrote: >>> According to this: >>> https://access.redhat.com/support/policy/updates/errata >>> >>> RHEL5 is out of support as of 3/31/2017 for patches, except for security >>> patching. No new features will be added to RHEL5, to include TLS v1.1 >>> support (requires OpenSSL 1.0.x). >>> >>> First compile OpenSSL 1.0.2 (in a different path), then compile Stunnel >>> (5.41) using the /usr/local for the prefix (per previous links), and >>> perhaps some other switches too (based on info from those URLs). >>> >>> From the links I found, you can have multiple versions of OpenSSL, but you >>> have to link to one when compiling Stunnel. The one you choose when >>> compiling Stunnel will want to be the newer one you compiled. IMHO, I would >>> migrate your RHEL5 to RHEL6 or RHEL7, but that may be considerably more >>> difficult than just compiling OpenSSL and Stunnel. >>> >>> -Rob >>> >>>> On Thu, Apr 13, 2017 at 4:15 PM, Kenway Ng <[email protected]> wrote: >>>> Please let me know if I am completely off. The version of openssl we are >>>> running is 0.9.8e-fips-rhel5 01 Jul 2008. So if we want version TLS1.1+ >>>> then we need to recompile the STUNNEL src with an updated version of >>>> openssl we are running on our server. Something higher than 0.9.8. Is >>>> that right ? Is it possible to find a version that was already compiled >>>> with a higher version of openssl ? >>>> >>>>> On Wed, Apr 12, 2017 at 5:49 PM, Rob Lockhart <[email protected]> wrote: >>>>> >>>>> >>>>>> On Wed, Apr 12, 2017 at 5:22 PM, Kenway Ng <[email protected]> wrote: >>>>>> >>>>>> I am trying to upgrade our version of stunnel. Our SME left and now I >>>>>> am trying to upgrade stunnel to fix a vulnerability . I am being told >>>>>> to use TLS1.1 or higher >>>>>> >>>>>> $ ./stunnel -version >>>>>> >>>>>> stunnel 4.15 on x86_64-redhat-linux-gnu with OpenSSL 0.9.8e-fips-rhel5 >>>>>> 01 Jul 2008 >>>>>> >>>>>> Threading:PTHREAD SSL:ENGINE Sockets:POLL,IPv6 Auth:LIBWRAP >>>>>> >>>>>> >>>>>> >>>>> >>>>> I don't have RHEL5 64-bit but these links may help: >>>>> >>>>> https://miteshshah.github.io/linux/centos/how-to-enable-openssl-1-0-2-a-tlsv1-1-and-tlsv1-2-on-centos-5-and-rhel5/ >>>>> >>>>> http://serverfault.com/questions/296765/cannot-find-ssl-libraries-when-configuring-stunnel >>>>> >>>>> These links involve re-compiling OpenSSL and Stunnel, in that order. I >>>>> would opt for OpenSSL 1.0.2k (latest as of 20170412) since 1.0.1 and >>>>> below are all EOL as of 12/31/2016. OpenSSL 0.9.8 supports only TLS >>>>> v1.0, whereas OpenSSL 1.0.1 supports TLS v1.0, v1.1 and v1.2. >>>>> >>>>> -Rob >>>> >>> >>> _______________________________________________ >>> stunnel-users mailing list >>> [email protected] >>> https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users > > _______________________________________________ > stunnel-users mailing list > [email protected] > https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
_______________________________________________ stunnel-users mailing list [email protected] https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
