OpenSSL 1.0.x on CentOS 5.x
Our server is running CentOS 5 and there is currently no way to upgrade it to CentOS 6 or newer. Well, if you are aware of a safe way, tell me. Anyway, the problem is with the provided standard OpenSSL 0.9.8 version which does not support TLS2 and PayPal will need it starting in June.
I know there are some workaround howtos on how to install newer OpenSSL versions on CentOS 5 and I can compile it myself. However, I suppose it would be also necessary to recompile Apache?
Any problems I should expect in regards to cPanel functionality?
-
Hi, I'd recommend only doing an Upgrade to CentOS 6 or 7 (preferably 7). While there are upgrade paths for CentOS, I'd highly recommend getting a new server, and then moving your accounts to that new server and then decommissioning the old system. 0 -
The upgrade is not possible at the time being. There is sw on the server that requires old versions of php, mysql etc. Upgrading is a nonsense, believe me. We have a very complicated setup on that particular server. We will be moving the service to a new server, including new domain etc, but that will be a process that starts in several months and we need the solution much sooner. Basically, we do not really need TLS 1.2 as we do not process payments on our website directly (handled by 3rd party). However, PayPal will need it starting from June, for sending the automated payment notifications. So a quick solution is what we need now. Good solution will have to wait a bit longer. 0 -
This is probably the best howto I have found so far: gbservers.co.uk/centos-5-tls-1-2-support-cpanelwhm/ CentOS 5 TLS 1.2 support with cPanel/WHM I would probably compile the source into a checkinstall RPM and install the RPM, instead of installing the source directly, for simpler upgrading later. Anyway, as I mentioned before, it would be just a temporary solution. 0 -
Hello :) Your best option is to use a custom workaround as suggested in the previous post if upgrading to CentOS 7 is not currently not possible. Keep in mind these custom workarounds are not supported, so you should use extra caution when taking this type of action. Thank you. 0 -
Thanks for the information! If anyone was in the same situation and successfully upgraded the OpenSSL version on CentOS 5, feel free to contact me with any extra tips on how to do the upgrade properly. 0 -
Just wanted to check if someone was actually able to install the new OpenSSL as per the instructions above? Any suggestions would help, as we will start upgrading it later this month so I wanted to know what to expect. 0 -
OK, not sure if this has been mentioned anywhere or not but just an update - if, like us, you wanted to upgrade OpenSSL to a new version just because PayPal required it, starting June 17 2016, you do not need to worry as just Today I learned PayPal postponed the date by more than a year to June 30 2017. So, no need to upgrade now, and plenty of time to move to a new server. [sarcastic]The newer OpenSSL versions will be just as buggy as all the previous versions anyway...[/sarcastic] EDIT: Here is the URL to the PayPal update information: 0 -
Just wanted to check if someone was actually able to install the new OpenSSL as per the instructions above? Any suggestions would help, as we will start upgrading it later this month so I wanted to know what to expect.
Please also keep in mind that cPanel 56 is the last version to support CentOS 5: March 31st, 2017: The Day the Sun Sets on CentOS 5 | cPanel Blog Thank you.0 -
That's OK, we will be moving to a new server anyway, but the OpenSSL update would just complicate the process as we do not want to make any SW changes on the old/current server. If only CentOS was easy to upgrade... 0
Please sign in to leave a comment.
Comments
9 comments