1

In Live server we have perl version 5.6.1,recently we have enabled TLS 1.2 which resulted in a error "500 SSL Negotiation failed". Earlier we have TLS 1.0 we don't have any issues. Enabling TLS 1.2 is unavoidable which is mandatory. How to resolve this issue?

I have searched & found that SOAP-LITE module has to be installed in order to resolve the above issue but the version 5.6.1 does not support SOAP-LITE module. It is available in active perl 5.8 and above version. Is it adviseable to upgrade to 5.8 version inorder to install soap::Lite?

I have used the modules MSSQL::DBLIB and MSSQL::SQLLIB in this project, Will upgrade supports this module?

Maria
  • 297
  • 1
  • 5
  • 18
  • 1
    SOAP::Lite shouldn't have anything to do with TLS version support; I suspect whatever your search found was misleading. If you aren't already using SOAP::Lite, there is no way installing it is going to just fix things for you. TLS 1.2 is very new and perl 5.6.1 is almost 19 years old; you may or may not be able to update some modules and get TLS 1.2 support - many modules no longer support 5.6. You should definitely look into upgrading your perl (ideally well beyond 5.8, which is 12+ years old). – ysth Mar 16 '20 at 16:59
  • 1
    *Upgrade* to 5.8? That's not an upgrade when perl's at 5.30... – Shawn Mar 16 '20 at 17:43
  • @ysth: From which version of perl supports TLS 1.2 ? i am using MSSQL::DBLIB ,MSSQL::SQLLIB ,which should be supported by upgraded version. i.e. MSSQL::DBLIB ,MSSQL::SQLLIB and TLS1.2 are supported in which version? – Maria Mar 16 '20 at 18:36

1 Answers1

2

Given how old your version of Perl is it is very likely that your version of OpenSSL (which is used at the end for SSL connectivity in Perl) is as old too. Support for TLS 1.2 was added with OpenSSL 1.0.1 which was released 2012. Perl 5.6.1 was released in 2000 while in 2012 we already had Perl 5.14.

And it is not unlikely that the rest of your software is similar outdated and unsupported and likely insecure too.

How to resolve this issue?

Finally upgrade your long unsupported software stack. You can try to only update openssl and rebuild Crypt::SSLeay (likely no Net::SSLeay is used yet) to keep changes minimal but I'm not sure that this will work or even compile.

Steffen Ullrich
  • 114,247
  • 10
  • 131
  • 172