Hello, I've a Debian 6 server with a legacy application. I must urgently use TLS 1.2 on nginx.
Debian 6 has openssl 0.9.8o so I can't use the upgraded and secured version of TLS 1.2.
Which workaround can I use? Many thanks to everyone!
Scheduled Maintenance: We are aware of an issue with Google, AOL, and Yahoo services as email providers which are blocking new registrations. We are trying to fix the issue and we have several internal and external support tickets in process to resolve the issue. Please see: viewtopic.php?t=158230
openssl upgrade workaround
Re: openssl upgrade workaround
debian 6 is dead, EOL, insecure.
there is no workaround really; you must use a debian version that still receives security upgrades. i think jessie (8) is the oldest currently.
there is no workaround really; you must use a debian version that still receives security upgrades. i think jessie (8) is the oldest currently.
-
- Posts: 1454
- Joined: 2015-08-30 20:14
Re: openssl upgrade workaround
^Not for long:
https://www.debian.org/security/2018/dsa-4205
I don't consider LTS a substitute for good security support.
https://www.debian.org/security/2018/dsa-4205
I don't consider LTS a substitute for good security support.
Re: openssl upgrade workaround
can I think to implement a reverse proxy with an additional server, so the frontend (with the new TLS) will reverse proxy http and https requests to the backend (the actual Debian 6 server)?
thanks
thanks
Re: openssl upgrade workaround
^ what??? O_o
time to do that dist-upgrade then...
oh, how time flies!Wheelerof4te wrote:^Not for long:
https://www.debian.org/security/2018/dsa-4205
time to do that dist-upgrade then...
sorry, you lost me there. no clue what that means.I don't consider LTS a substitute for good security support.
-
- Posts: 1454
- Joined: 2015-08-30 20:14
Re: openssl upgrade workaround
Debian has introduced LTS support for it's older releases, starting from Debian 6. LTS support lasts up to 2 years after a release has been out of regular security support. So for Jessie, LTS support starts from the moment it leaves regular support period on June 17th. LTS is not managed by Debian's security team, but a separate team.debiman wrote:sorry, you lost me there. no clue what that means.
However, the nature of such support is questionable, and only a few core packages are supported. So, I don't consider it a valid security and any other support.