SCIENTIFIC-LINUX-USERS Archives

January 2010

SCIENTIFIC-LINUX-USERS@LISTSERV.FNAL.GOV

Subject:
From: Steve Traylen <[log in to unmask]>
Reply To: Steve Traylen <[log in to unmask]>
Date: Fri, 29 Jan 2010 09:18:36 +0100

On Jan 28, 2010, at 9:15 PM, P. Larry Nelson wrote:

> Hi Troy,
> 
> Troy Dawson wrote on 1/28/2010 1:55 PM:
>> P. Larry Nelson wrote:
>>> Hi,
>>> 
>>> I just received a "HIGH criticality" email from
>>> [log in to unmask] stating:
>>> 
>>> "Do NOT upgrade to OpenSSL 1.x. The new OpenSSL version breaks the
>>> certificate authentication for OSG/VDT."
>>> 
>>> Not having my ear to the ground vis-a-vis openssl, does anyone know if
>>> that version is due to be released soon?  Will it come from TUV or
>>> directly from openssl.org?  (Troy/Connie question)
>>> 
>>> Right now, we have openssl-0.9.8e-12.el5_4.1.
>>> 
>>> I suppose the thing to do is to go and edit the yum.cron.excludes on
>>> all our OSG nodes to block openssl* until this issue is fixed.  [sigh...]
>>> 
>>> - Larry
>>> 
>> 
>> Scientific Linux and RHEL are enterprise linux distributions.
>> This means that they do *not* just update to the latest versions of 
>> packages.  RedHat and SL will *not* just update to the latest version of 
>> openssl, just because it was released.
>> 
>> SL 4.0 had openssl 0.9.7a
>> SL 4.8 has openssl 0.9.7a
>> 
>> That is, after five years, we still have the same version of openssl.
>> RedHat backports all the security fixes into the 0.9.7a version for 
>> RHEL4 (and hence SL4).
>> 
>> SL 5.0 had openssl 0.9.8b
>> SL 5.4 has openssl 0.9.8e

Even SL6 won't have openssl 1. It was only added after FC12 that SL6 will eventually be based on.
 Steve


>> 
>> After 3 years, SL5 is still at version 0.9.8, although we have moved 
>> from b to e.
>> I cannot say for 100% certain, because we are not RedHat.  But according 
>> to all their policies, goals, statements and past history, they are not 
>> going to move openssl above version 0.9.8 for RHEL 5 (and hence SL5)
>> 
>> Troy
> 
> Thanks for the info and history lesson.  I didn't know and didn't want
> to assume.  As far as I knew, openssl 1.x might have been a big hairy
> deal security fix that was imminent.
> 
> - Larry
> 
> -- 
> P. Larry Nelson (217-244-9855) | Systems/Network Administrator
> 461 Loomis Lab                 | High Energy Physics Group
> 1110 W. Green St., Urbana, IL  | Physics Dept., Univ. of Ill.
> MailTo:[log in to unmask]        | http://www.roadkill.com/lnelson/
> -------------------------------------------------------------------
>  "Information without accountability is just noise."  - P.L. Nelson
