
I am on Red Hat 5.11. I want to enable SNI with Apache, but I only have Apache/2.2.3 + OpenSSL 0.9.8e-fips-rhel5. I am in a situation very similar to this one: https://access.redhat.com/discussions/1320983

Based on https://wiki.apache.org/httpd/NameBasedSSLVHostsWithSNI, it seems I need to compile OpenSSL and Apache from source. Is it possible to install the new OpenSSL and Apache from RPM packages instead of compiling from source?

If I have to compile them from source, is there a step-by-step guide? (I found a Debian guide: https://www.howtoforge.com/enable-multiple-https-sites-on-one-ip-using-tls-extensions-on-debian-etch) and this: Installing OpenSSL that supports SNI along with previous version of OpenSSL

  • Might be time to do an OS upgrade. Commented Aug 20, 2015 at 5:52
  • I have never had experience upgrading Red Hat 5 to 6. Will lots of things break? Commented Aug 20, 2015 at 5:56
  • Red Hat provides a way to do an upgrade between major releases, but they do not recommend using it: access.redhat.com/solutions/21964. The best thing would be to just install a fresh system and copy the data over. Commented Aug 20, 2015 at 6:02
  • RHEL 5 is in Production 3 phase. You should not be deploying anything new on it, as it will go EOL soon. Migrate to a new RHEL 7 server with a current Apache and OpenSSL version. Commented Aug 20, 2015 at 6:06
  • @kenpeter, if you think that's a nightmare, just keep in mind it's a bigger nightmare to troubleshoot an unsupported software configuration. When things go wrong, and they will go wrong, you will have a hard time finding help for your shoehorned installation. Commented Aug 20, 2015 at 6:36

1 Answer

There are a lot of people still running RHEL 5 / CentOS 5 for several reasons. Unfortunately, RHEL 5 is out of support, and additionally there was never a package with OpenSSL >= 1 for RHEL 5.

If you don't have any concerns about using a foreign repo, then you can use "tuxad repo". It provides a different and easier way to update the OpenSSL of RHEL 5 to the one from RHEL 6 (which is still supported):

  1. Install tuxad repo for RHEL 5: rpm -i http://www.tuxad.de/repo/5/tuxad.rpm
  2. Update packages: yum update

More details can be found here:

www.tuxad.de/blog/archives/2014/11/19/openssl_updatesenhancements_for_rhel__centos_5
www.tuxad.de/blog/archives/2018/07/21/tuxad_rh5_repo_now_with_phpopenssl1

This repo contains several packages which are rebuilt against OpenSSL 1:

  • httpd (also includes other enhancements like ECDH support)
  • postfix
  • dovecot
  • curl
  • lynx
  • mutt
  • vsftpd
  • w3m
  • wget
  • php
  • php from RHEL 6 backported (in separate repo "tuxad-php")
  • Dear God, WHY? Let it fade into the dustbin of history where it belongs. Commented Jul 29, 2018 at 15:23
  • :-) Well, sometimes there are requirements for this. Right now I was not able to install RHEL 7 on my router - or at least not able to install it RUNNABLE. And right now I still don't understand why an init system requires some bloat like a QR encoding library. ;-) Commented Aug 11, 2018 at 18:26
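
The question's starting point (Apache/2.2.3 with OpenSSL 0.9.8e-fips-rhel5) can be compared against the upstream SNI minimums before and after a package update. The script below is an added example, not part of the original question or answer; the function names and the `--local` flag are made up for illustration, and it assumes package version strings follow upstream numbering, which rebuilt or backported packages may not.

```sh
#!/bin/sh
# Added example (not from the original post). Thresholds are the upstream
# minimums for SNI in mod_ssl: httpd 2.2.12 and OpenSSL 0.9.8f with TLS extensions.
MIN_HTTPD=2.2.12
MIN_OPENSSL=0.9.8f

# Print a fixed-width, byte-sortable key for "2.2.3" or "0.9.8e-fips-rhel5".
ver_key() {
  printf '%s\n' "${1%%-*}" | awk -F. '
    !/^[0-9]+(\.[0-9]+)*[a-z]*$/ { exit 2 }       # not a version string
    {
      letters = $0; sub(/^[0-9.]+/, "", letters)   # OpenSSL patch letters, e.g. "e"
      sub(/[a-z]+$/, "")                           # leave only the dotted numbers
      printf "%03d%03d%03d%s\n", $1, $2, $3, substr(letters "__", 1, 2)
    }'
}

# ver_ge HAVE NEED: succeed when HAVE is the same as or newer than NEED.
ver_ge() {
  have=$(ver_key "$1") || return 2
  need=$(ver_key "$2") || return 2
  lowest=$(printf '%s\n%s\n' "$have" "$need" | LC_ALL=C sort | head -n 1)
  [ "$lowest" = "$need" ]
}

# sni_prereqs HTTPD_VERSION OPENSSL_VERSION: report each component,
# return 0 only if both meet the minimum.
sni_prereqs() {
  rc=0
  if ver_ge "$1" "$MIN_HTTPD"; then echo "httpd $1: meets $MIN_HTTPD"
  else echo "httpd $1: older than $MIN_HTTPD"; rc=1; fi
  if ver_ge "$2" "$MIN_OPENSSL"; then echo "OpenSSL $2: meets $MIN_OPENSSL"
  else echo "OpenSSL $2: older than $MIN_OPENSSL"; rc=1; fi
  return "$rc"
}

# "--local" reads the versions from the installed binaries. Assumption: the
# openssl CLI matches the libssl that mod_ssl loads (not true for side-by-side builds).
if [ "${1:-}" = "--local" ]; then
  httpd_ver=$(httpd -v | sed -n 's|^Server version: Apache/\([^ ]*\).*|\1|p')
  openssl_ver=$(openssl version | awk '{ print $2 }')
  sni_prereqs "$httpd_ver" "$openssl_ver"
fi
```

A version check only narrows things down: a failing result on a rebuilt package is a reason to test a real handshake against each name-based virtual host, not proof that SNI is missing.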
