El día martes, noviembre 08, 2022 a las 08:26:54a. m. +0100, Tomas Mraz escribió: > Hi, > > Red Hat patches its OpenSSL implementation with some additional API > calls. That means you cannot use builds from an unpatched upstream > OpenSSL tarball in place of the system libcrypto and libssl libraries. > > The proper way is to always obtain updated system packages from your > vendor, i.e., Red Hat. Otherwise you would have to try to update the > source rpm package from RHEL with new openssl version keeping the > patches that Red Hat adds to it. That is definitely not a trivial > endeavour. > > If, for some reason, you need newer OpenSSL package for some particular > application that you install to the system, it should be possible to > keep the system openssl package untouched, install the upstream OpenSSL > package somewhere into /opt or /usr/local, and link that application > against this installation of OpenSSL. > > The primary question to ask is - why do you need to install > openssl 1.1.1l on RHEL-8.6? > > Tomas Mraz, OpenSSL Thanks for your answer and explanation. We updated all our server on SuSE Linux SLES and RedHat to openssl 1.1.1l due to an announced security problem (do not remember the CVE, perhaps you will know better). The RH 8.6 server has: # /usr/bin/openssl version OpenSSL 1.1.1k FIPS 25 Mar 2021 we use: # /usr/local/sisis-pap/bin/openssl version OpenSSL 1.1.1l 24 Aug 2021 and have linked all our application servers agains this version. matthias -- Matthias Apitz, ✉ guru@xxxxxxxxxxx, http://www.unixarea.de/ +49-176-38902045 Public GnuPG key: http://www.unixarea.de/key.pub
Attachment:
signature.asc
Description: PGP signature
