[stunnel-users] Configure Error

Kenway Ng kenwayng at gmail.com
Thu Apr 13 23:32:28 CEST 2017


Thanks Rob.  Appreciate the information.

On Thu, Apr 13, 2017, 4:28 PM Rob Lockhart <rlockhar at gmail.com> wrote:

> According to this:
> https://access.redhat.com/support/policy/updates/errata
>
> RHEL5 is out of support as of 3/31/2017 for patches, except for security
> patching. No new features will be added to RHEL5, to include TLS v1.1
> support (requires OpenSSL 1.0.x).
>
> First compile OpenSSL 1.0.2 (in a different path), then compile Stunnel
> (5.41) using the /usr/local for the prefix (per previous links), and
> perhaps some other switches too (based on info from those URLs).
>
> From the links I found, you can have multiple versions of OpenSSL, but you
> have to link to one when compiling Stunnel. The one you choose when
> compiling Stunnel will want to be the newer one you compiled. IMHO, I would
> migrate your RHEL5 to RHEL6 or RHEL7, but that may be considerably more
> difficult than just compiling OpenSSL and Stunnel.
>
> -Rob
>
> On Thu, Apr 13, 2017 at 4:15 PM, Kenway Ng <kenwayng at gmail.com> wrote:
>
>> Please let me know if I am completely off. The version of openssl we are
>> running is 0.9.8e-fips-rhel5 01 Jul 2008. So if we want version TLS1.1+
>> then we need to recompile the STUNNEL src with an updated version of
>> openssl we are running on our server. Something higher than 0.9.8. Is
>> that right? Is it possible to find a version that was already compiled
>> with a higher version of openssl?
>>
>> On Wed, Apr 12, 2017 at 5:49 PM, Rob Lockhart <rlockhar at gmail.com> wrote:
>>
>>>
>>>
>>> On Wed, Apr 12, 2017 at 5:22 PM, Kenway Ng <kenwayng at gmail.com> wrote:
>>>
>>>>
>>>> I am trying to upgrade our version of stunnel. Our SME left and now I
>>>> am trying to upgrade stunnel to fix a vulnerability. I am being told to
>>>> use TLS1.1 or higher.
>>>>
>>>> $ ./stunnel -version
>>>>
>>>> stunnel 4.15 on x86_64-redhat-linux-gnu with OpenSSL 0.9.8e-fips-rhel5
>>>> 01 Jul 2008
>>>>
>>>> Threading:PTHREAD SSL:ENGINE Sockets:POLL,IPv6 Auth:LIBWRAP
>>>>
>>>>
>>>>
>>>
>>> I don't have RHEL5 64-bit but these links may help:
>>>
>>>
>>> https://miteshshah.github.io/linux/centos/how-to-enable-openssl-1-0-2-a-tlsv1-1-and-tlsv1-2-on-centos-5-and-rhel5/
>>>
>>>
>>> http://serverfault.com/questions/296765/cannot-find-ssl-libraries-when-configuring-stunnel
>>>
>>> These links involve re-compiling OpenSSL and Stunnel, in that order. I
>>> would opt for OpenSSL 1.0.2k (latest as of 20170412) since 1.0.1 and below
>>> are all EOL as of 12/31/2016. OpenSSL 0.9.8 supports only TLS v1.0,
>>> whereas OpenSSL 1.0.1 supports TLS v1.0, v1.1 and v1.2.
>>>
>>>  -Rob
>>>
>>
>>
> _______________________________________________
> stunnel-users mailing list
> stunnel-users at stunnel.org
> https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
>
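
A post-build check for the rebuild discussed in this thread, as an added example that is not part of the original messages: it reads a `stunnel -version` banner and reports whether the linked OpenSSL is 1.0.1 or later, the first release line with TLS 1.1/1.2. The function names are hypothetical, and the second sample banner is constructed (the stunnel 5.x banner layout is an assumption).

```sh
#!/bin/sh
# Added example (not from the thread): check which OpenSSL a stunnel build is
# linked against and whether that OpenSSL can negotiate TLS 1.1 or later.

# Banner quoted in the thread (stunnel 4.15 on RHEL5).
OLD_BANNER='stunnel 4.15 on x86_64-redhat-linux-gnu with OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
Threading:PTHREAD SSL:ENGINE Sockets:POLL,IPv6 Auth:LIBWRAP'
# Constructed sample for a rebuilt stunnel; the exact 5.x banner layout is assumed.
NEW_BANNER='stunnel 5.41 on x86_64-redhat-linux-gnu platform
Compiled/running with OpenSSL 1.0.2k  26 Jan 2017'

# Print every OpenSSL version token found in the banner on stdin, one per line.
openssl_versions() {
    sed -n 's/.*OpenSSL \([0-9][0-9A-Za-z.-]*\).*/\1/p'
}

# Exit 0 if version $1 is >= 1.0.1 (first OpenSSL with TLS 1.1/1.2), 1 if older,
# 2 if unparsable. Letter and vendor suffixes ("e-fips-rhel5", "k") are ignored.
supports_tls11() {
    case $1 in [0-9]*.[0-9]*.[0-9]*) ;; *) return 2 ;; esac
    major=${1%%.*}; rest=${1#*.}; minor=${rest%%.*}; fix=${rest#*.}
    major=${major%%[!0-9]*}; minor=${minor%%[!0-9]*}; fix=${fix%%[!0-9]*}
    [ "$major" -gt 1 ] && return 0
    [ "$major" -lt 1 ] && return 1
    [ "$minor" -gt 0 ] && return 0
    [ "$fix" -ge 1 ]
}

# Read a banner on stdin and report on each OpenSSL it names.
# Returns 0 if all are TLS 1.1 capable, 1 if any is not, 2 if none was found.
check_banner() {
    found=0; rc=0
    for v in $(openssl_versions); do
        found=1
        if supports_tls11 "$v"; then
            echo "OK: OpenSSL $v can negotiate TLS 1.1/1.2"
        else
            echo "FAIL: OpenSSL $v tops out at TLS 1.0"; rc=1
        fi
    done
    [ "$found" -eq 1 ] || { echo "no OpenSSL version found in banner"; return 2; }
    return "$rc"
}

# Real use: stunnel -version 2>&1 | check_banner
printf '%s\n' "$OLD_BANNER" | check_banner || true
printf '%s\n' "$NEW_BANNER" | check_banner || true
```

If the rebuilt binary still reports the 0.9.8e library, the stunnel build picked up the system OpenSSL rather than the newly compiled one.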