Joscha Knobloch
2021-Oct-28 14:30 UTC
[CentOS] Version of curl does not support session resumption
Hi,

we have a CentOS7 Server running that pushes some Backups via FTP onto another server. We switched the FTP-Server for a new one that works very well. One new thing is that FTPS session resumption is now mandatory and cannot be turned off since it is an important security feature.

Unfortunately the version of curl on the system does not yet support it. This is the version installed on the system:
curl 7.29.0 (x86_64-redhat-linux-gnu) libcurl/7.29.0 NSS/3.53.1 zlib/1.2.7 libidn/1.28 libssh2/1.8.0

I have discussed this on the curl mailing list and they said the version is from 2013 and we should update to a new version of curl.

Is curl going to be updated to support ftps session resumption in the near future? If not: What would be the best way to get a newer version onto the system?

Kind Regards
Joscha
Stephen John Smoogen
2021-Oct-28 15:34 UTC
[CentOS] Version of curl does not support session resumption
On Thu, 28 Oct 2021 at 10:28, Joscha Knobloch <Joscha.Knobloch at brm.de> wrote:
>
> Hi,
>
> we have a CentOS7 Server running that pushes some Backups via FTP onto another server. We switched the FTP-Server for a new one that works very well. One new thing is that FTPS session resumption is now mandatory and cannot be turned off since it is an important security feature.
>
> Unfortunately the version of curl on the system does not yet support it. This is the version installed on the system:
> curl 7.29.0 (x86_64-redhat-linux-gnu) libcurl/7.29.0 NSS/3.53.1 zlib/1.2.7 libidn/1.28 libssh2/1.8.0
>
> I have discussed this on the curl mailing list and they said the version is from 2013 and we should update to a new version of curl.
>
> Is curl going to be updated to support ftps session resumption in the near future? If not: What would be the best way to get a newer version onto the system?

Enterprise Linux and other Long Time Support distributions are usually very strict on updating packages which are in scripts. CentOS-7 is based on Red Hat Enterprise Linux 7 which was released in 2014 and had its last package set updated in 2020 with the release of 7.9. All changes until its end of life in 2024 will be security fixes or other critical fixes.

Normally to get a newer package like this you will want to compile the version you want in /usr/local/ or some /opt/ tree directory to a) make sure it doesn't break existing tools but b) is available for scripts.

--
Stephen J Smoogen.
I've seen things you people wouldn't believe. Flame wars in sci.astro.orion. I have seen SPAM filters overload because of Godwin's Law. All those moments will be lost in time... like posts on a BBS... time to shutdown -h now.
Steve Meier
2021-Oct-28 21:04 UTC
[CentOS] Version of curl does not support session resumption
Hello Joscha,

On 2021-10-28 16:30, Joscha Knobloch wrote:
>
> Is curl going to be updated to support ftps session resumption in the
> near future? If not: What would be the best way to get a newer version
> onto the system?

the point of RHEL / CentOS is to provide stability, so packages are generally not updated to newer versions. So cURL for CentOS 7 will remain as is.

It's fairly simple to build yourself a newer cURL binary though:

$ wget https://github.com/curl/curl/releases/download/curl-7_79_1/curl-7.79.1.tar.gz
$ tar xzf curl-7.79.1.tar.gz
$ cd curl-7.79.1
$ ./configure --with-openssl
$ make
$ src/curl -V
curl 7.79.1 (x86_64-pc-linux-gnu) libcurl/7.79.1 OpenSSL/1.0.2k-fips zlib/1.2.7 zstd/1.5.0 libidn2/2.3.0 OpenLDAP/2.4.44
Release-Date: 2021-09-22
Protocols: dict file ftp ftps gopher gophers http https imap imaps ldap ldaps mqtt pop3 pop3s rtsp smb smbs smtp smtps telnet tftp
Features: alt-svc AsynchDNS HSTS HTTPS-proxy IDN IPv6 Largefile libz NTLM NTLM_WB SSL UnixSockets zstd

You can use a packager such as togo to roll your own RPM:
https://github.com/genereese/togo

Alternatively, you can just put the new binary into /usr/local/bin, update your scripts to use that curl instead of the one in /usr/bin and call it a day.

Remember though, using your own cURL means you will no longer get security updates, so you may want to subscribe to their mailing-list to get notified when an update is recommended.

Kind regards,
Steve
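Added example, not part of the thread or of any poster's message: a preflight check a backup script could run so that it never silently falls back to the distribution curl, and so that a self-built binary older than the version the admin has pinned is refused. The function names and MIN_VERSION are hypothetical; the two sample strings are the `curl -V` first lines quoted in the messages above.

```shell
#!/bin/sh
# Added example: refuse to run backups with a curl older than a pinned version.
# MIN_VERSION is the admin's own pin (assumption); raise it after a curl advisory.
MIN_VERSION=${MIN_VERSION:-7.79.1}

# First lines of `curl -V` as quoted in the thread (system curl, self-built curl).
OLD_V='curl 7.29.0 (x86_64-redhat-linux-gnu) libcurl/7.29.0 NSS/3.53.1 zlib/1.2.7 libidn/1.28 libssh2/1.8.0'
NEW_V='curl 7.79.1 (x86_64-pc-linux-gnu) libcurl/7.79.1 OpenSSL/1.0.2k-fips zlib/1.2.7 zstd/1.5.0 libidn2/2.3.0 OpenLDAP/2.4.44'

# Extract "X.Y.Z" from the first line of `curl -V` output.
curl_version() {
    printf '%s\n' "$1" | sed -n '1s/^curl \([0-9][0-9.]*\).*/\1/p'
}

# Extract the TLS backend token, e.g. "NSS/3.53.1" or "OpenSSL/1.0.2k-fips".
curl_tls_backend() {
    printf '%s\n' "$1" | sed -n '1p' | tr ' ' '\n' |
        grep -E '^(OpenSSL|NSS|GnuTLS|LibreSSL|wolfSSL|mbedTLS)/' | head -n 1
}

# Return 0 if dotted version $1 >= $2, comparing numerically field by field
# (a plain string compare would rank 7.100.0 below 7.79.1).
version_ge() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        [ "${x:-0}" -gt "${y:-0}" ] && return 0
        [ "${x:-0}" -lt "${y:-0}" ] && return 1
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 0
}

# check_curl VERSION_OUTPUT MIN_VERSION: print a verdict, return 0 only if usable.
check_curl() {
    ver=$(curl_version "$1")
    tls=$(curl_tls_backend "$1")
    [ -n "$ver" ] || { echo "FAIL: cannot parse curl version"; return 2; }
    if ! version_ge "$ver" "$2"; then
        echo "FAIL: curl $ver ($tls) is older than required $2"; return 1
    fi
    echo "OK: curl $ver ($tls)"
}

# Demo on the thread's two strings; live use: check_curl "$(/usr/local/bin/curl -V)" "$MIN_VERSION" || exit 1
check_curl "$OLD_V" "$MIN_VERSION" || true
check_curl "$NEW_V" "$MIN_VERSION" || true
```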