openssl upgrade workaround


Postby pierob83 » 2018-05-31 16:50

Hello, I've a Debian 6 server with a legacy application. I must urgently use TLS 1.2 on nginx.

Debian 6 has openssl 0.9.8o so I can't use the upgraded and secured version of TLS 1.2. :?

Which workaround can I use? Many thanks to everyone!
pierob83
 
Posts: 2
Joined: 2018-05-31 16:44

Re: openssl upgrade workaround

Postby debiman » 2018-05-31 17:06

debian 6 is dead, EOL, insecure.
there is no workaround really; you must use a debian version that still receives security upgrades. i think jessie (8) is the oldest currently.
debiman
 
Posts: 2405
Joined: 2013-03-12 07:18

Re: openssl upgrade workaround

Postby Wheelerof4te » 2018-05-31 17:52

^Not for long:
https://www.debian.org/security/2018/dsa-4205

I don't consider LTS a substitute for good security support.
Wheelerof4te
 
Posts: 999
Joined: 2015-08-30 20:14

Re: openssl upgrade workaround

Postby pierob83 » 2018-06-01 07:59

Can I implement a reverse proxy with an additional server, so that the frontend (with the new TLS) reverse-proxies HTTP and HTTPS requests to the backend (the actual Debian 6 server)?
Thanks
pierob83
 
Posts: 2
Joined: 2018-05-31 16:44

Re: openssl upgrade workaround

Postby debiman » 2018-06-02 11:30

^ what??? O_o

Wheelerof4te wrote: ^Not for long:
https://www.debian.org/security/2018/dsa-4205
oh, how time flies!
time to do that dist-upgrade then...

I don't consider LTS a substitute for good security support.

sorry, you lost me there. no clue what that means.
debiman
 
Posts: 2405
Joined: 2013-03-12 07:18

Re: openssl upgrade workaround

Postby Wheelerof4te » 2018-06-02 12:13

debiman wrote: sorry, you lost me there. no clue what that means.

Debian has introduced LTS support for its older releases, starting from Debian 6. LTS support lasts up to 2 years after a release has been out of regular security support. So for Jessie, LTS support starts from the moment it leaves its regular support period on June 17th. LTS is not managed by Debian's security team, but by a separate team.
However, the nature of such support is questionable, and only a few core packages are supported. So, I don't consider it valid security support, or any other kind of support.
Wheelerof4te
 
Posts: 999
Joined: 2015-08-30 20:14

Re: openssl upgrade workaround

Postby debiman » 2018-06-03 06:43

thanks for clarifying, i didn't know about those differences.
debiman
 
Posts: 2405
Joined: 2013-03-12 07:18
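
The reverse-proxy arrangement pierob83 asks about earlier in the thread, sketched as an nginx configuration for the additional front-end server. This is an added example, not part of any post; the hostname, certificate paths and the backend address 192.0.2.10 are placeholders, and it assumes the front end runs a supported release whose nginx is built against an OpenSSL with TLS 1.2.

```nginx
# Front-end server (supported release) terminating TLS 1.2 for the legacy backend.
# legacy.example.org, the certificate paths and 192.0.2.10 are placeholders.

server {
    listen 80;
    server_name legacy.example.org;

    # Send plain-HTTP clients to the TLS listener instead of proxying them.
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name legacy.example.org;

    ssl_certificate     /etc/nginx/tls/legacy.example.org.crt;
    ssl_certificate_key /etc/nginx/tls/legacy.example.org.key;

    # Offer only TLS 1.2 with AEAD suites; older protocol versions are refused here,
    # so clients never negotiate against the backend's OpenSSL 0.9.8o.
    ssl_protocols TLSv1.2;
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384;
    ssl_prefer_server_ciphers on;

    location / {
        # Backend hop: the Debian 6 host, reached over a private network only.
        proxy_pass http://192.0.2.10:80;

        # Preserve the original request details for the legacy application.
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

The proxy-to-backend hop here is plain HTTP, so it belongs on a private network segment, and the Debian 6 host should accept connections only from the front end. The backend itself stays unpatched behind the proxy.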

