Re: OpenSSL Version 1.0.2 is not supported




On Tue, Mar 3, 2020 at 7:32 PM Jonathan Billings <billings@xxxxxxxxxx>
wrote:

> On Tue, Mar 03, 2020 at 07:02:40PM +0530, Kaushal Shriyan wrote:
> > I have gone through the article
> > https://access.redhat.com/security/updates/backporting/. I am having a
> > follow up question. Do I need to wait for the OpenSSL version 1.1.1d to be
> > available on CentOS 7.x once it is tested in the upstream RHEL 7.x
> > version?  Please correct me if I misunderstood anything. I look forward to
> > hearing from you and thanks in advance.
>
> To quote the article:
>
> > We use the term backporting to describe the action of taking a fix
> > for a security flaw out of the most recent version of an upstream
> > software package and applying that fix to an older version of the
> > package we distribute.
>
> Basically, you'll likely never see version 1.1.1d in CentOS 7.  Any
> software fixes will be backported to the version in CentOS 7, 1.0.2k.
>
> The release will be incremented as new updates in CentOS come out, but
> it'll continue to be 1.0.2k until Red Hat decides to do a rebase.
> That doesn't happen until there are features that are needed that are
> too difficult to backport.  There have been OpenSSL rebases
> mid-release (in c5 and c6 I think), and I remember it caused a lot of
> problems, so I don't look forward to it.
>
> I think you need to back up and ask yourself *WHY* you are demanding
> the latest release of OpenSSL.  Do you need features that are not
> available in the OpenSSL in CentOS 7?  Is there an auditor saying you
> must have some version to be secure?
>
> If you must have versions of OpenSSL not in CentOS7, I suggest looking
> at packaging your application that uses SSL in a docker container that
> has that version available.  Perhaps CentOS 8 will work for you.
>
> --
> Jonathan Billings <billings@xxxxxxxxxx>
> _______________________________________________
> CentOS mailing list
> CentOS@xxxxxxxxxx
> https://lists.centos.org/mailman/listinfo/centos


Thanks Jonathan and Leon for the explanation, much appreciated.

Best Regards,

Kaushal