8

I am currently running a Debian Squeeze server with Apache. My OpenSSL version is 0.9.8, and I would like to get up to a version capable of running TLS v1.2. So far my research shows that this is not possible, but I feel like I am missing something. Is there an upgrade path that would allow me to do this, or do I need to rebuild my server with a newer version of Debian?

June Lewis

3 Answers

6

OpenSSL supports TLSv1.2 since version 1.0.1. However, the latest version for Squeeze is 0.9.8. You can find a backport here or build it from source.

Viktor
  • how does Apache react to this? – Sverre Jan 14 '15 at 09:26
  • 1
    @Sverre enabling TLSv1.2 is described in Apache [documentation](http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslprotocol) – Viktor Jan 14 '15 at 14:48
  • 1
    FYI the build that's compiled there is 1.0.1c, my understanding is that Heartbleed affects everything up to 1.0.1g. Up to you if that matters, but it seems like if you want the newer (and theoretically more secure) protocol, reintroducing that particular beasty along the way may not be a total win. Bah, I didn't put this as a comment in the place I meant to. Sorry, long time visitor but first time I've actually felt well enough read to have anything to add :) –  Jan 15 '15 at 06:38
  • How do you install the linked backport, i.e. https://github.com/mezentsev/OpenSSL-Backport? The readme doesn't explain s**t – matteo May 29 '18 at 17:11
  • It is compiled from source as any other version of OpenSSL. You can look at openssl-1.0.1c/debian/rules for direct commands if you're not familiar with dpkg. Installation of the .deb package is described in the Readme. For non-Debian installation you should just run "make install" as a superuser the same way as for any other package. However, for security reasons I'd strongly recommend to google for a backport of any newer version of OpenSSL. – Viktor May 30 '18 at 13:35
1

Debian 7 (squeeze) has been End-of-Life for a while now, please upgrade to at least Debian 8 (jessie), which comes with OpenSSL 1.0.1, which supports TLSv1.2.

rubo77
1

Debian Squeeze comes with OpenSSL 0.9.8o, which only supports TLS 1.0.

I think your two options are:

  • Get a backport of OpenSSL 1.0.1g or higher.
  • Use GnuTLS instead of OpenSSL.

For the second option, see e.g. https://www.nnbfn.net/2011/05/tls-1-2-support-in-apache2/

MacFreek
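A version check for the thresholds the answers above mention, as an added example that is not part of the original thread: it classifies an `openssl version` line as lacking TLS 1.2 (before 1.0.1), supporting TLS 1.2 but inside the upstream Heartbleed range (1.0.1 through 1.0.1f), or at 1.0.1g and later. The function name `classify_openssl` and its output labels are hypothetical, and the sample lines are constructed.

```shell
#!/bin/sh
# Added example (not from the thread). Classifies an `openssl version` line
# against the two thresholds the answers mention:
#   1.0.1  - first release with TLS 1.2
#   1.0.1g - upstream release that fixed Heartbleed (1.0.1 through 1.0.1f affected)
# Assumption: the string is an upstream-style version. Distribution packages can
# carry backported fixes under an older letter, so treat "heartbleed-range" as
# "check the package changelog", not as proof of exposure.

classify_openssl() {
    # $1: a line such as "OpenSSL 0.9.8o 01 Jun 2010"
    ver=$(printf '%s\n' "$1" | awk '{print $2}')
    ver=${ver%%-*}              # drop suffixes like "-fips"
    nums=${ver%%[a-z]*}         # numeric part, e.g. "1.0.1"
    letter=${ver#"$nums"}       # patch letter, e.g. "c" (may be empty)

    case $nums in
        [0-9]*.[0-9]*.[0-9]*) ;;
        *) echo unknown; return 0 ;;
    esac
    major=${nums%%.*}; rest=${nums#*.}
    minor=${rest%%.*}; patch=${rest#*.}
    for n in "$major" "$minor" "$patch"; do
        case $n in ''|*[!0-9]*) echo unknown; return 0 ;; esac
    done

    if [ "$major" -gt 1 ] || { [ "$major" -eq 1 ] && [ "$minor" -ge 1 ]; }; then
        echo tls12-ok                      # 1.1.x, 3.x
    elif [ "$major" -eq 0 ] || [ "$patch" -eq 0 ]; then
        echo no-tls12                      # 0.9.8, 1.0.0
    elif [ "$patch" -ge 2 ]; then
        echo tls12-ok                      # 1.0.2 and later
    else
        case $letter in
            ''|[a-f]) echo tls12-heartbleed-range ;;   # 1.0.1 .. 1.0.1f
            *)        echo tls12-ok ;;                 # 1.0.1g and later
        esac
    fi
}

# Constructed sample inputs covering the versions named in the thread.
for sample in "OpenSSL 0.9.8o 01 Jun 2010" "OpenSSL 1.0.1c 10 May 2012" \
              "OpenSSL 1.0.1g 7 Apr 2014"; do
    printf '%-30s %s\n' "$sample" "$(classify_openssl "$sample")"
done
```

On a live host, pass it `"$(openssl version)"`. That reports the command-line binary only; Apache's mod_ssl uses whichever libssl it is linked against, so a source build installed elsewhere does not change what Apache negotiates.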