TLS 1.2 - Questions
As of December 2015, there is a major push to disable EVERY SINGLE encryption that is less than TLS 1.2 (that includes TLS 1.1, TLS 1.0, all SSL versions).
We've been contacted by our PCI representative and all PCI certifications have been updated and will only accept TLS 1.2 and nothing else. Same thing with our various REST/API providers who are making the change within December.
Unfortunately, there are some issues like CentOS 5, which is still within its lifetime, but it does not provide TLS 1.2 libraries via openssl.
I'm waiting to see how cPanel will respond. Are they going to provide TLS 1.2 for all their supported operating systems?
Your comments would be appreciated.
Thank you.
Apparently someone named Kenneth thinks that the EOL in 2017 is irrelevant and that we should create new servers with a recent CentOS version. "Provide OpenSSL 1.0.1c or Higher as cPanel RPM, to allow TLS 1.1, TLS 1.2"
Hello, OpenSSL is provided by your operating system (e.g. CentOS), not by cPanel. If you want TLS 1.2 support on CentOS 5 then you need to petition either Red Hat, or CentOS, to make a newer version of OpenSSL available. I believe there are some projects that make newer OpenSSL RPMs available on CentOS 5. With the end of life of CentOS 5 only 17 months away, now is the time to start moving to a newer OS. CentOS 7 is recommended.
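An added example, not part of any post in this thread: a shell check that reads an `openssl version` banner and reports whether the OS-supplied library meets the 1.0.1c floor named in the feature request title above. The function names and the sample banners are constructed for illustration; on a real host, pass `"$(openssl version)"` instead.

```shell
#!/bin/sh
# Threshold taken from the feature request title quoted in the thread.
MIN_VERSION="1.0.1c"

# Turn "1.0.1c", "0.9.8e-fips-rhel5" or "3.0.7" into a fixed-width sortable key:
# three zero-padded numbers followed by the letter suffix ("0" if none).
version_key() {
    v=${1%%-*}                                        # drop "-fips", "-fips-rhel5", ...
    letters=$(printf '%s' "$v" | sed 's/^[0-9.]*//')  # patch letter(s), may be empty
    nums=${v%"$letters"}                              # numeric part, e.g. 1.0.1
    old_ifs=$IFS; IFS=.
    set -- $nums
    IFS=$old_ifs
    printf '%03d%03d%03d%s\n' "${1:-0}" "${2:-0}" "${3:-0}" "${letters:-0}"
}

# Exit status: 0 = at or above the floor, 1 = below it,
# 2 = not an OpenSSL banner (other libraries number releases differently).
meets_tls12_floor() {
    set -- $1                                         # split the banner into words
    [ "$1" = "OpenSSL" ] || return 2
    have=$(version_key "$2")
    want=$(version_key "$MIN_VERSION")
    lowest=$(printf '%s\n%s\n' "$have" "$want" | LC_ALL=C sort | head -n 1)
    [ "$lowest" = "$want" ]
}

# Constructed sample banners in the style of `openssl version` output.
for banner in \
    "OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008" \
    "OpenSSL 1.0.1b 26 Apr 2012" \
    "OpenSSL 1.0.1e-fips 11 Feb 2013" \
    "OpenSSL 3.0.7 1 Nov 2022" \
    "LibreSSL 2.8.3"
do
    rc=0; meets_tls12_floor "$banner" || rc=$?
    case $rc in
        0) echo "OK       $banner" ;;
        1) echo "TOO OLD  $banner" ;;
        *) echo "UNKNOWN  $banner" ;;
    esac
done
```

A banner that passes only shows the library is new enough; the web server and other services must also be built against that library to use it.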
Last time I checked, EasyApache used its own deprecated libraries and would ignore our custom openssl. Has that changed? Oh, and 17 months is a bit over a whole YEAR... you make it sound like EOL is in 17 days :)
Note that others visiting this thread can find additional discussion of the PCI compliance issue (including information about the extended deadline) at: "I need to disable TLS v1.0". Thank you.