PDA

View Full Version : SLES 11 SP4 SLES 11 SP4 zypper TLS1.2



vockinger
18-May-2018, 14:35
Hi, we have to use TLS1.2 for all communication.
We are using the SLES 11 Security Module https://www.suse.com/documentation/suse-best- practices/singlehtml/securitymodule/securitymodule.html to enable TLS1.2 in our SMT server and installed the openssl und curl versions from this module on our SLES 11 SP4 server.

Everything is working fine, except zypper.

curl can connect to the SMT server with TLS1.2, but zypper not.....

Looks like zypper is using the libcurl and not curl.

Is there any way to get zypper to use a newer version of the libcurl library?

Thank you, Alfred

ab
18-May-2018, 20:32
On 05/18/2018 07:44 AM, vockinger wrote:
>
> Hi, we have to use TLS1.2 for all communication.
> We are using the SLES 11 Security Module
> https://www.suse.com/documentation/suse-best-
> practices/singlehtml/securitymodule/securitymodule.html to enable TLS1.2
> in our SMT server and installed the openssl und curl versions from this
> module on our SLES 11 SP4 server.
>
> Everything is working fine, except zypper.
>
> curl can connect to the SMT server with TLS1.2, but zypper not.....
>
> Looks like zypper is using the libcurl and not curl.

Most programs do not use 'curl' directly, but use libcurl, so that's
pretty normal.

Which version of libcurl do you have? I thought the security module came
with a new version of libcurl as well as curl. A week ago I was on a
system that had the security module to work on a certificate trust issue,
and in that case the client was just 'curl', but other things worked.

What do you see from this:



zypper lr -u
zypper se curl #should also see libcurl packages


> Is there any way to get zypper to use a newer version of the libcurl
> library?



ldd $(which zypper)
update-alternatives --get-selections | grep -i curl



--
Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below.

If you want to send me a private message, please let me know in the
forum as I do not use the web interface often.