0

Trying to Test my SSL Server test at

https://www.ssllabs.com/ssltest/analyze.html?d=cp3.co.in

and getting "C" grade with error 

No support for TLS 1.2, which is the only secure protocol version.

also when trying to update OpenSSL not a single available command showing OpenSSL 1.0 update

my current open SSL version 

OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008

Please help me to achieve this, i am not a server specialist.

nis_ind
  • 1
  • 1
  • 1
    To @HBruijn point, you will need to rebuild your OS to a version that has OpenSSL v1.0.1 or later to achieve this. CentOS 6 will work just fine. Otherwise you would have to do your own stand-alone builds of everything which is not advisable, especially since you mentioned you are not a server specialist. Also, CentOS 5.9 isn't even supported at all. Openssl issues aside, the latest point release of CentOS 5 is 5.11. This means you have vulnerabilities to remediate. – Aaron Jun 13 '16 at 19:35
  • @aaron Thanks for the kind reply, just want to know if i will go for centos update then do i have to rebuild the whole server settings again, i mean i have more than 20 sites running so i want to know the risk. – nis_ind Jun 14 '16 at 05:14
  • Yes. Ideally, you could put all those settings in a configuration management system such as Ansible, Chef or Puppet so that you do not have to manually reconfigure things every time and you can rebuild servers as you need to. This assumes you also have a backup or data migration or data access strategy for your volatile data, such as web content, user-contributed files, etc... – Aaron Jun 14 '16 at 15:39

1 Answers1

3

You do realise that RHEL 5 was released in 2007 well before TLS 1.2 was defined in 2008?

And although Red Hat backports security updates and bug fixes, as far as I know TLS 1.2 support was not.

You'll need to upgrade your OS and have found yet another good reason to do so.

HBruijn
  • 77,029
  • 24
  • 135
  • 201