similar to: Centos 5 & tls v1.2, v1.1

Am 16.04.2015 um 11:46 schrieb Leon Fauster <leonfauster at googlemail.com>: > Am 16.04.2015 um 11:43 schrieb Eero Volotinen <eero.volotinen at iki.fi>: >> Is there any nice way to get tlsv1.2 support to centos 5? >> upgrading os to 6 is not option available. > > > Unfortunately not. https://bugzilla.redhat.com/show_bug.cgi?id=1066914 -- LF

in fact: modgnutls provides easy way to get tlsv1.2 to rhel 5 -- Eero 2015-04-16 21:02 GMT+03:00 Eero Volotinen <eero.volotinen at iki.fi>: > well. this hack solution might work: > http://www.tuxad.de/blog/archives/2014/11/19/openssl_updatesenhancements_for_rhel__centos_5/index.html > > -- > Eero > > 2015-04-16 17:30 GMT+03:00 Leon Fauster <leonfauster at

How about using gnutls? Eero 16.4.2015 12.46 ip. "Leon Fauster" <leonfauster at googlemail.com> kirjoitti: > Am 16.04.2015 um 11:43 schrieb Eero Volotinen <eero.volotinen at iki.fi>: > > Is there any nice way to get tlsv1.2 support to centos 5? > > upgrading os to 6 is not option available. > > > Unfortunately not. > > -- > LF > > >

Yep, maybe using ssl offloading devices like (BigIP) that receives tls1.2 and tlsv1.2 and then re-encrypts traffic with tls1.0 might be "cheapest" solution. -- Eero 2015-04-17 14:15 GMT+03:00 Johnny Hughes <johnny at centos.org>: > On 04/16/2015 05:00 PM, Eero Volotinen wrote: > > in fact: modgnutls provides easy way to get tlsv1.2 to rhel 5 > > > > -- >

The cheapest sollution is probably compiling a private openssl somewhere on the system and then compiling apache using that private openssl version instead of the default system-wide one. Regards, Dennis On 17.04.2015 13:20, Eero Volotinen wrote: > Yep, maybe using ssl offloading devices like (BigIP) that receives tls1.2 > and tlsv1.2 and then re-encrypts traffic with tls1.0 might be

On 04/16/2015 05:00 PM, Eero Volotinen wrote: > in fact: modgnutls provides easy way to get tlsv1.2 to rhel 5 > > -- > Eero > If you do that, then you are at the mercy of Mr. Bergmann to provide updates for all security issues for openssl. Has he updated his RPMs since 2014-11-19 23:57:58? Does his patch work on the latest RHEL/CentOS EL5 openssl-0.9.8 package? The answer right

well. this hack solution might work: http://www.tuxad.de/blog/archives/2014/11/19/openssl_updatesenhancements_for_rhel__centos_5/index.html -- Eero 2015-04-16 17:30 GMT+03:00 Leon Fauster <leonfauster at googlemail.com>: > Am 16.04.2015 um 11:46 schrieb Leon Fauster <leonfauster at googlemail.com>: > > Am 16.04.2015 um 11:43 schrieb Eero Volotinen <eero.volotinen at

Am 16.04.2015 um 11:43 schrieb Eero Volotinen <eero.volotinen at iki.fi>: > Is there any nice way to get tlsv1.2 support to centos 5? > upgrading os to 6 is not option available. Unfortunately not. -- LF

In the hope that some skilled developers are here: We have a commercial product that do not run under CentOS6 /lib64/libc.so.6: version `GLIBC_2.14' not found Is it possible to compile software (compile switch?) on a system that uses a newer glibc but in such a way that can be used (executed) on a system with an older glibc (like here: compiled on glibc 2.14 based system but C6 is on

Am 25.08.2015 um 16:31 schrieb Eero Volotinen <eero.volotinen at iki.fi>: > 25.8.2015 4.03 ip. "Leon Fauster" <leonfauster at googlemail.com> kirjoitti: > >> >> In the hope that some skilled developers are here: >> >> We have a commercial product that do not run under CentOS6 >> >> /lib64/libc.so.6: version `GLIBC_2.14' not

It's so sad that centos is using very old versio on kvm and due that fact live backup without downtime is not possible. Anyway, virtsh+virtmanager + kvm is good choice. -- Eero 2015-06-17 11:10 GMT+03:00 John R Pierce <pierce at hogranch.com>: > regardless of all that noise, in RHEL and therefore CentOS, KVM is the > preferred and best supported hypervisor. > > -- >

yep, but still lack critical features :) like livebackup. 2015-06-17 12:26 GMT+03:00 Leon Fauster <leonfauster at googlemail.com>: > Am 17.06.2015 um 11:17 schrieb Eero Volotinen <eero.volotinen at iki.fi>: > > It's so sad that centos is using very old versio on kvm > > and due that fact live backup without downtime is not possible. > > > just some

On 04/17/2015 11:20 PM, Eero Volotinen wrote: > Yep, maybe using ssl offloading devices like (BigIP) that receives tls1.2 > and tlsv1.2 and then re-encrypts traffic with tls1.0 might be "cheapest" > solution. Perhaps re-evaluate the need to have TLS 1.1 and 1.2 right now. The only attack against 1.0 that I'm aware of is BEAST and that has been largely mitigated by

I second Eero's comment, use a new IPSec daemon. Openswan was forked and became Libreswan. Paul, now a RH employee, was a main developer for the Openswan project before he and others created the Libreswan fork. https://libreswan.org/ EL6 has Openswan EL7 has Libreswan Racoon isn't all that fun to work with. If you have the option, ditch it and EL5 and move to a newer platform

On 10/21/2015 2:34 PM, Eero Volotinen wrote: > Remember that rhel/centos backports fixes, so just looking version > number is not reliable way to detect security issues. > > Eero Indeed, though I can say on CentOS 5 the required configuration to be PCI compliand is not valid in apache, and httpd will not start. -- ----------------------------------------------- - Nick Bright

Hi List, Does anyone know why the above URL is still using TLS V1.0. I can't connect to it unless I enable TLS V1.0 which I was under the impression that it should not be used anymore. Thanks for any enlightenment. Steve --

2015-03-03 0:43 GMT+02:00 Tim Dunphy <bluethundr at gmail.com>: > > > > errr, I meant, sftp, not rscp > > > Heh.. yeah. But the client isn't gonna go for that. LOL. Any way to allow > regular ol' FTP using SELinux? Or does that just defeat the purpose of > having a secure SELlinux server entirely? > FTP is not safe as it does not encrypt username(s)

I generated according to the docs . Which produced my server.secrets as below used the command ipsec newhostkey --configdir /etc/ipsec.d --output /etc/ipsec.d/www.example.com.secrets : RSA { # RSA 3328 bits ***.**.net Fri Apr 1 15:39:32 2016 # for signatures only, UNSAFE FOR ENCRYPTION

err. upgrades? You mean reinstall? As upgrading between major releases are not supported in any way on centos / rhel and clones.. -- Eero 2016-03-21 20:33 GMT+02:00 <m.roth at 5-cent.us>: > Glenn Pierce wrote: > > I asked about upgrading once and got no reply. Does anyone have > experience > > of having a hosted centos upgraded on a virtual server. Would you usually

Just trying to follow the instructions here https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Security_Guide/sec-Securing_Virtual_Private_Networks.html I don't think I am doing anything special. At the point where there is some communication going on Getting this error packet from *****:1024: received Vendor ID payload [Cisco-Unity] Apr 01 17:33:44