The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

OpenSSL 1.0.x on CentOS 5.x

Discussion in 'Workarounds and Optimization' started by tomfra, Mar 7, 2016.

Tags:
  1. tomfra

    tomfra Well-Known Member

    Joined:
    Sep 30, 2002
    Messages:
    62
    Likes Received:
    0
    Trophy Points:
    6
    Our server is running CentOS 5 and there is currently no way to upgrade it to CentOS 6 or newer. Well, if you are aware of a safe way, tell me. Anyway, the problem is with the provided standard OpenSSL 0.9.8 version which does not support TLS2 and PayPal will need it starting in June.

    I know there are some workaround howtos on how to install newer OpenSSL versions on CentOS 5 and I can compile it myself. However, I suppose it would be also necessary to recompile Apache?

    Any problems I should expect in regards to cPanel functionality?
     
  2. cPJacob

    cPJacob cPanel Product Owner
    Staff Member

    Joined:
    May 2, 2014
    Messages:
    508
    Likes Received:
    64
    Trophy Points:
    28
    cPanel Access Level:
    DataCenter Provider
    Twitter:
    Hi,

    I'd recommend only doing an Upgrade to CentOS 6 or 7 (preferably 7). While there are upgrade paths for CentOS, I'd highly recommend getting a new server, and then moving your accounts to that new server and then decommissioning the old system.
     
  3. tomfra

    tomfra Well-Known Member

    Joined:
    Sep 30, 2002
    Messages:
    62
    Likes Received:
    0
    Trophy Points:
    6
    The upgrade is not possible at the time being. There is sw on the server that requires old versions of php, mysql etc. Upgrading is a nonsense, believe me. We have a very complicated setup on that particular server.

    We will be moving the service to a new server, including new domain etc, but that will be a process that starts in several months and we need the solution much sooner.

    Basically, we do not really need TLS 1.2 as we do not process payments on our website directly (handled by 3rd party). However, PayPal will need it starting from June, for sending the automated payment notifications.

    So a quick solution is what we need now. Good solution will have to wait a bit longer.
     
  4. tomfra

    tomfra Well-Known Member

    Joined:
    Sep 30, 2002
    Messages:
    62
    Likes Received:
    0
    Trophy Points:
    6
    This is probably the best howto I have found so far:

    gbservers.co.uk/centos-5-tls-1-2-support-cpanelwhm/
    CentOS 5 TLS 1.2 support with cPanel/WHM

    I would probably compile the source into a checkinstall RPM and install the RPM, instead of installing the source directly, for simpler upgrading later.

    Anyway, as I mentioned before, it would be just a temporary solution.
     
    #4 tomfra, Mar 7, 2016
    Last edited by a moderator: Mar 7, 2016
  5. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,678
    Likes Received:
    653
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    Your best option is to use a custom workaround as suggested in the previous post if upgrading to CentOS 7 is not currently not possible. Keep in mind these custom workarounds are not supported, so you should use extra caution when taking this type of action.

    Thank you.
     
  6. tomfra

    tomfra Well-Known Member

    Joined:
    Sep 30, 2002
    Messages:
    62
    Likes Received:
    0
    Trophy Points:
    6
    Thanks for the information! If anyone was in the same situation and successfully upgraded the OpenSSL version on CentOS 5, feel free to contact me with any extra tips on how to do the upgrade properly.
     
  7. tomfra

    tomfra Well-Known Member

    Joined:
    Sep 30, 2002
    Messages:
    62
    Likes Received:
    0
    Trophy Points:
    6
    Just wanted to check if someone was actually able to install the new OpenSSL as per the instructions above? Any suggestions would help, as we will start upgrading it later this month so I wanted to know what to expect.
     
  8. tomfra

    tomfra Well-Known Member

    Joined:
    Sep 30, 2002
    Messages:
    62
    Likes Received:
    0
    Trophy Points:
    6
    OK, not sure if this has been mentioned anywhere or not but just an update - if, like us, you wanted to upgrade OpenSSL to a new version just because PayPal required it, starting June 17 2016, you do not need to worry as just Today I learned PayPal postponed the date by more than a year to June 30 2017. So, no need to upgrade now, and plenty of time to move to a new server.

    [sarcastic]The newer OpenSSL versions will be just as buggy as all the previous versions anyway...[/sarcastic]

    EDIT: Here is the URL to the PayPal update information:

    https://www.paypal-knowledge.com/in...t&widgetview=true&id=FAQ1913&viewlocale=en_US
     
  9. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,678
    Likes Received:
    653
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Please also keep in mind that cPanel 56 is the last version to support CentOS 5:

    March 31st, 2017: The Day the Sun Sets on CentOS 5 | cPanel Blog

    Thank you.
     
  10. tomfra

    tomfra Well-Known Member

    Joined:
    Sep 30, 2002
    Messages:
    62
    Likes Received:
    0
    Trophy Points:
    6
    That's OK, we will be moving to a new server anyway, but the OpenSSL update would just complicate the process as we do not want to make any SW changes on the old/current server.

    If only CentOS was easy to upgrade...
     
Loading...

Share This Page