OpenSSL 1.0.2 on Red Hat 6

Hi all,

OpenSSL 1.0.1 as delivered on Red Hat 6 will officially end support on 31/12/2016.
Will Red Hat make OpenSSL 1.0.2 available on Red Hat 6?

Responses

Possible, but not likely. Red Hat's general pattern is to back-port the security patches from the current version (1.0.2 - or later) to the version originally released with a given major OS version (in this case, whichever version of OpenSSL was included in RHEL 6.0).

That said, they did "re-base" from OpenSSL 1.0.0 to 1.0.1e in 2013. They may do it again, but not necessarily when the "upstream" project (OpenSSL) ends support.

Has there been any update to this in the last year???

I've been following https://bugzilla.redhat.com/show_bug.cgi?id=1276310, but it seems solely targeted at el7.

Hi,

My auditor is asking to upgrade to OpenSSL 1.0.2m due to VA and EOL of the current version, OpenSSL 1.0.1e-fips.

My server is running CentOS release 6.6. Is it possible to upgrade to version 1.0.2m?

No, the EL6 OpenSSL package will not be updated to 1.0.2.

EL6 is in "Maintenance Support" development phase where only critical bugs are fixed. New features or package versions are not added anymore.

If you need a newer feature which is in OpenSSL 1.0.2 then you need to upgrade to EL7.

The RHEL product lifecycle is explained at: https://access.redhat.com/support/policy/updates/errata/

CentOS consume the RHEL source so that development process applies to them too.

That being said, just because upstream OpenSSL have ended a version does not mean that Red Hat have ended the version. We still offer full usage and configuration support on RHEL6. If there is a critical-grade security bug in EL6's package, it's possible we'll include just the patch which fixes the vulnerability.
