
Thread: Update TLS

  1. #1
    Join Date
    Feb 2006
    Posts
    888

    Update TLS

    I have an old VM on FreeBSD 7.2 because of an old encrypted app. However, I need to update to a newer version of TLS for email/Exim reasons because some email servers won't talk to it. How can I do that?

    Thanks!

  2. #2
    Join Date
    May 2008
    Location
    Bulgaria
    Posts
    980
    OpenSSL is in the base system; however, FreeBSD can be upgraded very easily with the freebsd-update utility.

  3. #3
    Join Date
    Feb 2006
    Posts
    888
    Thank you for your reply.

    Quote Originally Posted by wattie View Post
    OpenSSL is in the base system; however, FreeBSD can be upgraded very easily with the freebsd-update utility.
    But then of course the site wouldn't work anymore.

  4. #4
    Join Date
    May 2008
    Location
    Bulgaria
    Posts
    980
    How come the site depends on what the transport layer under it is?

    You can think of installing OpenSSL from ports... but it will be a very complicated setup.

  5. #5
    Join Date
    May 2008
    Location
    Bulgaria
    Posts
    980
    Here are my thoughts on that:

    1. You can install the security/openssl port and add "DEFAULT_VERSIONS+= ssl=openssl" to /etc/make.conf - this will make all apps use the newer (ports) version. The old openssl, however, will still be present (as it's in base). Check here: https://wiki.freebsd.org/OpenSSL

    2. Find a way to make httpd use the path to the old version. This will require custom compilation.

    It should be possible but still... I can't think of a reason that a website should be dependent on the transport layer below it. I guess it communicates with some old software on another server? Maybe it's time for a software upgrade.

    SSL is insecure.
    Last edited by wattie; 05-28-2018 at 01:17 PM.
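
One way to apply and verify the suggestion in post #5, as an added example that is not part of the original thread: it adds the make.conf line idempotently and classifies `ldd` output to show whether a rebuilt binary still resolves libssl from base. The function names, the exim path and the sample library versions are assumptions made for illustration.

```shell
#!/bin/sh
# Added example; helper names and sample paths are assumptions, not from the thread.

# Append the make.conf knob from the post once; reruns leave a single line.
# Typical call on the server: ensure_ssl_default /etc/make.conf
ensure_ssl_default() {
    conf=$1
    line='DEFAULT_VERSIONS+= ssl=openssl'
    touch "$conf" || return 1
    grep -qxF "$line" "$conf" || printf '%s\n' "$line" >> "$conf"
}

# Read `ldd` output on stdin and report where libssl resolves from:
#   ports = /usr/local/lib, base = /lib or /usr/lib,
#   mixed = both copies listed, none = no libssl dependency listed.
# Typical call: ldd /path/to/exim | classify_libssl
classify_libssl() {
    awk '
        $1 ~ /^libssl\.so/ && $2 == "=>" {
            if ($3 ~ /^\/usr\/local\/lib\//) ports = 1
            else if ($3 ~ /^\/(usr\/)?lib\//) base = 1
        }
        END {
            if (ports && base) print "mixed"
            else if (ports) print "ports"
            else if (base) print "base"
            else print "none"
        }'
}

# Constructed ldd output for illustration (not captured from a real host).
sample_base() {
    printf '%s\n' '/usr/local/sbin/exim:' \
        '    libssl.so.5 => /usr/lib/libssl.so.5 (0x2816a000)' \
        '    libcrypto.so.5 => /lib/libcrypto.so.5 (0x281ab000)'
}
sample_ports() {
    printf '%s\n' '/usr/local/sbin/exim:' \
        '    libssl.so.9 => /usr/local/lib/libssl.so.9 (0x2816a000)' \
        '    libcrypto.so.9 => /usr/local/lib/libcrypto.so.9 (0x281ab000)'
}

sample_base | classify_libssl     # still linked against the base OpenSSL
sample_ports | classify_libssl    # rebuilt against the ports OpenSSL
```

A result of "base" or "mixed" after a rebuild means the binary is still picking up the old library that remains in the base system.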

  6. #6
    Join Date
    Feb 2006
    Posts
    888
    Quote Originally Posted by wattie View Post
    Here are my thoughts on that... I can't think of a reason that a website should be dependent on the transport layer below it. I guess it communicates with some old software on another server? Maybe it's time for a software upgrade. SSL is insecure.
    I believe you understand this better than I. What you just said makes sense. I need to think about it. As far as updating the software, the company went out of business and there isn't anything out there like it to replace it. We are looking at another angle though.

    Thanks!

  7. #7
    Join Date
    May 2008
    Location
    Bulgaria
    Posts
    980
    Did you ever try to migrate the website to a newer server with TLS connection at all?

    I don't mean to upgrade it to a newer PHP version, for example - no, that probably won't work as there will be many deprecated and changed functions, etc. But you can still run old PHP (let's say 5.3 for example) with the newest Apache and the newest OpenSSL on the newest OS. That's not a problem.

    I can't really find a good reason for a regular website to not accept an upgrade to TLS. Actually, for a long time TLS was backwards compatible with SSL 3.0.

  8. #8
    Join Date
    Feb 2006
    Posts
    888
    Quote Originally Posted by wattie View Post
    Did you ever try to migrate the website to a newer server with TLS connection at all?
    I did not, but I started thinking about that, which is why I replied to your thread on the FreeBSD 11 area.
