PDA

View Full Version : Openssl 1.0.1g integration posible ?



Isegrim
20-Oct-2014, 15:32
Good Day,

we would remove OpenSSL 0.9.8j and use Openssl 1.0.1g.
Is there any Way to do this.
Actually we use Sles 11 SP3

Thanks for your Help

smflood
20-Oct-2014, 16:34
On 20/10/2014 15:34, Isegrim wrote:

> we would remove OpenSSL 0.9.8j and use Openssl 1.0.1g.
> Is there any Way to do this.
> Actually we use Sles 11 SP3

If you're using SLES11 SP3 then you're in luck as SUSE recently
announced the SLE11 Security Module which adds OpenSSL 1.0.1g. See
https://www.suse.com/communities/conversations/introducing-the-suse-linux-enterprise-11-security-module/
for more information.

HTH.
--
Simon
SUSE Knowledge Partner

------------------------------------------------------------------------
If you find this post helpful and are logged into the web interface,
please show your appreciation and click on the star below. Thanks.
------------------------------------------------------------------------

unsigned
21-Oct-2014, 16:05
While I understand OpenSSL is used in a lot of products, I'm going to
ask about Apache here.

Going this Security Module route for stronger crypto libraries available
in Apache (vs. NSS) would require rebuilding mod_ssl, correct?

But even then, getting all the way to Forward Secrecy with TLS 1.2
wouldn't be possible because Apache 2.2.12 doesn't support the ECDHE
suites.

Am I off base here?




On 10/20/2014 10:34 AM, Simon Flood wrote:
> On 20/10/2014 15:34, Isegrim wrote:
>
>> we would remove OpenSSL 0.9.8j and use Openssl 1.0.1g.
>> Is there any Way to do this.
>> Actually we use Sles 11 SP3
>
> If you're using SLES11 SP3 then you're in luck as SUSE recently
> announced the SLE11 Security Module which adds OpenSSL 1.0.1g. See
> https://www.suse.com/communities/conversations/introducing-the-suse-linux-enterprise-11-security-module/
> for more information.
>
> HTH.

alagirib92
17-Sep-2015, 06:36
In our project we are currently using openssl 1.01c in SLED 12 but I need to update it to openssl 1.01e how can update it?I tried using yast but I cant uninstall openssl since there are dependencies.?

jmozdzen
17-Sep-2015, 15:42
Hi alagirib92,

In our project we are currently using openssl 1.01c in SLED 12 but I need to update it to openssl 1.01e how can update it?I tried using yast but I cant uninstall openssl since there are dependencies.?

openssl libraries are an elementary component of modern Linux-based systems... so you may be opening a bag of worms when upgrading. Nevertheless a few related comments:

- this is a SLES forum - you might re-post in the SLED forums.

- if you have the proper upgrade package, there's no need to uninstall - you can simply update the RPM

- have you checked if the specific fixes you're looking for are already back-ported by SUSE? The version numbers not necessarily reflect the upstream version of a package.

If you have a specific business need and the provided packets aren't available (yet), you might want to contact your SUSE representative (or open a SR) to ask for an according enhancement.

Regards,
Jens