openssl upgrade workaround

[pierob83]

Hello, I've a Debian 6 server with a legacy application. I must urgently use TLS 1.2 on nginx.

Debian 6 has openssl 0.9.8o so I can't use the upgraded and secured version of TLS 1.2.

Which workaround can I use? Many thanks to everyone!

[debiman]

debian 6 is dead, EOL, insecure.
there is no workaround really; you must use a debian version that still receives security upgrades. i think jessie (8) is the oldest currently.

[Wheelerof4te]

^Not for long:
https://www.debian.org/security/2018/dsa-4205

I don't consider LTS a substitute for good security support.

[pierob83]

can I think to implement a reverse proxy with an additional server, so the frontend (with the new TLS) will reverse proxy http and https requests to the backend (the actual Debian 6 server)?
thanks

[debiman]

^ what??? O_o

^Not for long:
https://www.debian.org/security/2018/dsa-4205

oh, how time flies!
time to do that dist-upgrade then...

I don't consider LTS a substitute for good security support.

sorry, you lost me there. no clue what that means.

[Wheelerof4te]

sorry, you lost me there. no clue what that means.

Debian has introduced LTS support for it's older releases, starting from Debian 6. LTS support lasts up to 2 years after a release has been out of regular security support. So for Jessie, LTS support starts from the moment it leaves regular support period on June 17th. LTS is not managed by Debian's security team, but a separate team.
However, the nature of such support is questionable, and only a few core packages are supported. So, I don't consider it a valid security and any other support.

[debiman]

thanks for clarifying, i didn't know about those differences.