Red Hat backports security fixes to older versions so if you keep your RHEL installation up-to-date with 'yum update' you should not need to install newer upstream releases on the system. Regards, Tomas Mraz On Tue, 2022-11-08 at 08:51 +0100, Matthias Apitz wrote: > El día martes, noviembre 08, 2022 a las 08:26:54a. m. +0100, Tomas > Mraz escribió: > > > Hi, > > > > Red Hat patches its OpenSSL implementation with some additional API > > calls. That means you cannot use builds from an unpatched upstream > > OpenSSL tarball in place of the system libcrypto and libssl > > libraries. > > > > The proper way is to always obtain updated system packages from > > your > > vendor, i.e., Red Hat. Otherwise you would have to try to update > > the > > source rpm package from RHEL with new openssl version keeping the > > patches that Red Hat adds to it. That is definitely not a trivial > > endeavour. > > > > If, for some reason, you need newer OpenSSL package for some > > particular > > application that you install to the system, it should be possible > > to > > keep the system openssl package untouched, install the upstream > > OpenSSL > > package somewhere into /opt or /usr/local, and link that > > application > > against this installation of OpenSSL. > > > > The primary question to ask is - why do you need to install > > openssl 1.1.1l on RHEL-8.6? > > > > Tomas Mraz, OpenSSL > > Thanks for your answer and explanation. We updated all our server on > SuSE > Linux SLES and RedHat to openssl 1.1.1l due to an announced security > problem (do > not remember the CVE, perhaps you will know better). The RH 8.6 > server > has: > > # /usr/bin/openssl version > OpenSSL 1.1.1k FIPS 25 Mar 2021 > > we use: > > # /usr/local/sisis-pap/bin/openssl version > OpenSSL 1.1.1l 24 Aug 2021 > > and have linked all our application servers agains this version. > > matthias > > -- Tomáš Mráz, OpenSSL
