PDA

View Full Version : SLES-Other Upgrading SLES and OpenSSL to support TLS 1.2



allisonc
08-Feb-2016, 15:52
On our servers, we currently have SLES 11 installed. From what I have gathered so far, we will need to go from 11->11SP1->11S2->11SP3->11SP4. The main reason we are upgrading at this point is that we need to upgrade OpenSSL. We are currently using version 0.9.8h. Will 11SP4 support the latest version of OpenSSL? We ultimately need to support TLS 1.2.

Thank you

ab
08-Feb-2016, 16:58
Major changes of packages are usually not done unless the major version of
the system changes. In your case, you're moving from SP to SP, which is
meant to primarily address fixes, so getting openssl 1.x does not happen
by default.

If you want the latest version of openssl by default for your entire
server, your best option is probably to just upgrade to SLES 12 (SLES 12
SP1 is current). Also keep in mind that just because openssl is updated
to 1.0.x does not mean that all applications within the system will
support TLS 1.2 (Apache httpd, Apache Tomcat, postfix, etc.) so those may
also need to be upgraded, which would happen as part of SLES 12 SP1.

In the meantime, if you cannot go to SLES 12, SUSE created a separate
channel that will essentially let you add openssl 1.0.x to your existing
servers, depending on SP. The module was released in 2014, and you can
start learning about it here:
https://www.suse.com/communities/blog/introducing-the-suse-linux-enterprise-11-security-module/

--
Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below...

smflood
09-Feb-2016, 13:28
On 08/02/2016 15:58, ab wrote:

> In the meantime, if you cannot go to SLES 12, SUSE created a separate
> channel that will essentially let you add openssl 1.0.x to your existing
> servers, depending on SP. The module was released in 2014, and you can
> start learning about it here:
> https://www.suse.com/communities/blog/introducing-the-suse-linux-enterprise-11-security-module/

From the first paragraph of the above article

"SUSE has released the “SUSE Linux Enterprise 11 Security Module”,
providing enhancements to SUSE Linux Enterprise 11 SP3 ..."

so you will need to at least upgrade from SLES11 to SLES11 SP1 then
SLES11 SP2 and finally SLES11 SP3. However given that SLES11 SP3 is out
of General Support I'd also upgrade to SLES11 SP4, particularly if
you're worried about security.

HTH.
--
Simon
SUSE Knowledge Partner

------------------------------------------------------------------------
If you find this post helpful and are logged into the web interface,
please show your appreciation and click on the star below. Thanks.
------------------------------------------------------------------------