May 2016 Archives

2016-05-28 18:51:17

RHEL 5 RPM packages with SSL enhancements

Some RPM packages in the tuxad repo received SSL improvements (they are now compiled against the openssl1 package). Most of the changes were made in the Apache package:

httpd-2.2.3-91.1.el5_11.rpm

  • recompiled against openssl1 package (ported from RHEL 6)
  • requires openldap-openssl1
  • use bigger DH params
  • some secure basic options for SSL_CTX_set_options() hardcoded
  • basic ECDH support
  • improved default SSLCipherSuite in ssl.conf
  • configurable DH params by SSLDhParamsFile config option
  • weekly cronjob for updating dh2048.pem

postfix-2.3.3-7.tls1.el5_11

  • bigger DH params
  • disable TLS compression and enable cipher server preference
  • basic ECDH support

dovecot-1.0.7-9.4.log.dh2

In March, dovecot got basic ECDH support and support for refreshable and bigger DH params. The latest change disables compression and enables cipher server preference.

New packages

New packages are ucspi-ssl (with the same SSL improvements as the other packages) and a tiny script, ssltest.sh, for getting the cipher list and DH params of a server.
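One way to verify the changes listed above (DH parameter size, ECDH, disabled compression) from the client side, as an added example that is not the ssltest.sh script from the repo: the hypothetical function `audit_handshake` reads `openssl s_client` output and flags DH parameters below 2048 bits and enabled TLS compression. It assumes a client built from OpenSSL 1.0.2 or later, which prints the `Server Temp Key` line; the sample input is constructed.

```shell
#!/bin/sh
# Added example: summarise the cipher, ephemeral key and compression lines
# that `openssl s_client` prints. Reads s_client output on stdin.
# Returns 0 when nothing weak is seen, 1 otherwise.
audit_handshake() {
    awk '
    /Cipher is / { sub(/^.*Cipher is /, ""); cipher = $0 }
    /^Server Temp Key:/ {
        # "Server Temp Key: DH, 1024 bits" or "... ECDH, P-256, 256 bits"
        line = $0
        sub(/^Server Temp Key: */, "", line)
        n = split(line, f, /, */)
        kex = f[1]
        bits = f[n]
        sub(/ bits.*/, "", bits)
    }
    /^Compression:/ { comp = $2 }
    END {
        bad = 0
        print "cipher=" (cipher == "" ? "unknown" : cipher)
        if (kex == "") {
            print "kex=unknown (no Server Temp Key line)"
        } else {
            print "kex=" kex " bits=" bits
        }
        if (kex == "DH" && bits + 0 < 2048) {
            print "WEAK: DH params below 2048 bits"; bad = 1
        }
        if (comp != "" && comp != "NONE") {
            print "WEAK: TLS compression enabled (" comp ")"; bad = 1
        }
        exit bad
    }'
}

# Constructed sample of s_client output lines (not captured from a real host).
SAMPLE_WEAK='New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server Temp Key: DH, 1024 bits
Compression: zlib compression'
printf '%s\n' "$SAMPLE_WEAK" | audit_handshake || true

# Against a live server (example.org is a placeholder):
#   openssl s_client -connect example.org:443 </dev/null 2>/dev/null | audit_handshake
```

Adding `-cipher 'DHE'` to the `s_client` call forces a DHE suite, so the DH parameter size is reported even when the server would otherwise prefer ECDHE.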


Posted by Frank W. Bergmann | Permanent link | File under: ssl, encryption, rpm, yum, repository, redhat, openssl, http, apache, smtp