Displaying 20 results from an estimated 8000 matches similar to: "Centos 5 & tls v1.2, v1.1"
2015 Apr 16
2
Centos 5 & tls v1.2, v1.1
Am 16.04.2015 um 11:46 schrieb Leon Fauster <leonfauster at googlemail.com>:
> Am 16.04.2015 um 11:43 schrieb Eero Volotinen <eero.volotinen at iki.fi>:
>> Is there any nice way to get tlsv1.2 support to centos 5?
>> upgrading os to 6 is not option available.
>
>
> Unfortunately not.
https://bugzilla.redhat.com/show_bug.cgi?id=1066914
--
LF
2015 Apr 16
2
Centos 5 & tls v1.2, v1.1
in fact: modgnutls provides easy way to get tlsv1.2 to rhel 5
--
Eero
2015-04-16 21:02 GMT+03:00 Eero Volotinen <eero.volotinen at iki.fi>:
> well. this hack solution might work:
> http://www.tuxad.de/blog/archives/2014/11/19/openssl_updatesenhancements_for_rhel__centos_5/index.html
>
> --
> Eero
>
> 2015-04-16 17:30 GMT+03:00 Leon Fauster <leonfauster at
2015 Apr 16
1
Centos 5 & tls v1.2, v1.1
How about using gnutls?
Eero
16.4.2015 12.46 ip. "Leon Fauster" <leonfauster at googlemail.com> kirjoitti:
> Am 16.04.2015 um 11:43 schrieb Eero Volotinen <eero.volotinen at iki.fi>:
> > Is there any nice way to get tlsv1.2 support to centos 5?
> > upgrading os to 6 is not option available.
>
>
> Unfortunately not.
>
> --
> LF
>
>
>
2015 Apr 17
4
Centos 5 & tls v1.2, v1.1
Yep, maybe using ssl offloading devices like (BigIP) that receives tls1.2
and tlsv1.2 and then re-encrypts traffic with tls1.0 might be "cheapest"
solution.
--
Eero
2015-04-17 14:15 GMT+03:00 Johnny Hughes <johnny at centos.org>:
> On 04/16/2015 05:00 PM, Eero Volotinen wrote:
> > in fact: modgnutls provides easy way to get tlsv1.2 to rhel 5
> >
> > --
>
2015 Apr 17
0
Centos 5 & tls v1.2, v1.1
The cheapest sollution is probably compiling a private openssl somewhere
on the system and then compiling apache using that private openssl
version instead of the default system-wide one.
Regards,
Dennis
On 17.04.2015 13:20, Eero Volotinen wrote:
> Yep, maybe using ssl offloading devices like (BigIP) that receives tls1.2
> and tlsv1.2 and then re-encrypts traffic with tls1.0 might be
2015 Apr 17
0
Centos 5 & tls v1.2, v1.1
On 04/16/2015 05:00 PM, Eero Volotinen wrote:
> in fact: modgnutls provides easy way to get tlsv1.2 to rhel 5
>
> --
> Eero
>
If you do that, then you are at the mercy of Mr. Bergmann to provide
updates for all security issues for openssl. Has he updated his RPMs
since 2014-11-19 23:57:58? Does his patch work on the latest
RHEL/CentOS EL5 openssl-0.9.8 package?
The answer right
2015 Apr 16
0
Centos 5 & tls v1.2, v1.1
well. this hack solution might work:
http://www.tuxad.de/blog/archives/2014/11/19/openssl_updatesenhancements_for_rhel__centos_5/index.html
--
Eero
2015-04-16 17:30 GMT+03:00 Leon Fauster <leonfauster at googlemail.com>:
> Am 16.04.2015 um 11:46 schrieb Leon Fauster <leonfauster at googlemail.com>:
> > Am 16.04.2015 um 11:43 schrieb Eero Volotinen <eero.volotinen at
2015 Apr 16
0
Centos 5 & tls v1.2, v1.1
Am 16.04.2015 um 11:43 schrieb Eero Volotinen <eero.volotinen at iki.fi>:
> Is there any nice way to get tlsv1.2 support to centos 5?
> upgrading os to 6 is not option available.
Unfortunately not.
--
LF
2015 Aug 25
4
Compile for C6 / glibc
In the hope that some skilled developers are here:
We have a commercial product that do not run under CentOS6
/lib64/libc.so.6: version `GLIBC_2.14' not found
Is it possible to compile software (compile switch?) on a system that
uses a newer glibc but in such a way that can be used (executed) on
a system with an older glibc (like here: compiled on glibc 2.14
based system but C6 is on
2015 Aug 25
2
Compile for C6 / glibc
Am 25.08.2015 um 16:31 schrieb Eero Volotinen <eero.volotinen at iki.fi>:
> 25.8.2015 4.03 ip. "Leon Fauster" <leonfauster at googlemail.com> kirjoitti:
>
>>
>> In the hope that some skilled developers are here:
>>
>> We have a commercial product that do not run under CentOS6
>>
>> /lib64/libc.so.6: version `GLIBC_2.14' not
2015 Jun 17
2
Virtualization
It's so sad that centos is using very old versio on kvm and due that fact
live backup without downtime is not possible.
Anyway, virtsh+virtmanager + kvm is good choice.
--
Eero
2015-06-17 11:10 GMT+03:00 John R Pierce <pierce at hogranch.com>:
> regardless of all that noise, in RHEL and therefore CentOS, KVM is the
> preferred and best supported hypervisor.
>
> --
>
2015 Jun 17
2
Virtualization
yep, but still lack critical features :) like livebackup.
2015-06-17 12:26 GMT+03:00 Leon Fauster <leonfauster at googlemail.com>:
> Am 17.06.2015 um 11:17 schrieb Eero Volotinen <eero.volotinen at iki.fi>:
> > It's so sad that centos is using very old versio on kvm
> > and due that fact live backup without downtime is not possible.
>
>
> just some
2015 Apr 17
0
Centos 5 & tls v1.2, v1.1
On 04/17/2015 11:20 PM, Eero Volotinen wrote:
> Yep, maybe using ssl offloading devices like (BigIP) that receives tls1.2
> and tlsv1.2 and then re-encrypts traffic with tls1.0 might be "cheapest"
> solution.
Perhaps re-evaluate the need to have TLS 1.1 and 1.2 right now. The
only attack against 1.0 that I'm aware of is BEAST and that has been
largely mitigated by
2016 Mar 21
5
IPSec multiple VPN setups
I second Eero's comment, use a new IPSec daemon.
Openswan was forked and became Libreswan. Paul, now a RH employee, was a
main developer for the Openswan project before he and others created the
Libreswan fork.
https://libreswan.org/
EL6 has Openswan
EL7 has Libreswan
Racoon isn't all that fun to work with.
If you have the option, ditch it and EL5 and move to a newer platform
2015 Oct 21
1
Security implications of openssl098e on CentOS 7
On 10/21/2015 2:34 PM, Eero Volotinen wrote:
> Remember that rhel/centos backports fixes, so just looking version
> number is not reliable way to detect security issues.
>
> Eero
Indeed, though I can say on CentOS 5 the required configuration to be
PCI compliand is not valid in apache, and httpd will not start.
--
-----------------------------------------------
- Nick Bright
2016 Mar 25
5
www.centos.org/forums/
Hi List,
Does anyone know why the above URL is still using TLS V1.0.
I can't connect to it unless I enable TLS V1.0 which I was under the impression that it should not be used
anymore.
Thanks for any enlightenment.
Steve
--
2015 Mar 02
4
selinux allow FTP
2015-03-03 0:43 GMT+02:00 Tim Dunphy <bluethundr at gmail.com>:
> >
> > errr, I meant, sftp, not rscp
>
>
> Heh.. yeah. But the client isn't gonna go for that. LOL. Any way to allow
> regular ol' FTP using SELinux? Or does that just defeat the purpose of
> having a secure SELlinux server entirely?
>
FTP is not safe as it does not encrypt username(s)
2016 Apr 01
2
Libreswan PEM format
I generated according to the docs . Which produced
my server.secrets as below
used the command
ipsec newhostkey --configdir /etc/ipsec.d --output
/etc/ipsec.d/www.example.com.secrets
: RSA {
# RSA 3328 bits ***.**.net Fri Apr 1 15:39:32 2016
# for signatures only, UNSAFE FOR ENCRYPTION
2016 Mar 21
4
IPSec multiple VPN setups
err. upgrades?
You mean reinstall? As upgrading between major releases are not supported
in any way on centos / rhel and clones..
--
Eero
2016-03-21 20:33 GMT+02:00 <m.roth at 5-cent.us>:
> Glenn Pierce wrote:
> > I asked about upgrading once and got no reply. Does anyone have
> experience
> > of having a hosted centos upgraded on a virtual server. Would you usually
2016 Apr 01
2
Libreswan PEM format
Just trying to follow the instructions here
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Security_Guide/sec-Securing_Virtual_Private_Networks.html
I don't think I am doing anything special.
At the point where there is some communication going on
Getting this error
packet from *****:1024: received Vendor ID payload [Cisco-Unity]
Apr 01 17:33:44