Update TLS

IT_Architect

Verified User
Joined
Feb 27, 2006
Messages
888
I have an old VM on FreeBSD 7.2 because of an old encrypted app. However, I need to update to a newer version of TLS for email/Exim reasons because some email servers won't talk to it. How can I do that?

Thanks!
 

wattie

Verified User
Joined
May 31, 2008
Messages
983
Location
Bulgaria
OpenSSL is in the base system; however, FreeBSD can be upgraded very easily with the freebsd-update utility.
 

wattie

How come the site depends on what the transport layer under it is?

You can think of installing OpenSSL from ports... but it will be a very complicated setup.
 

wattie

Here are my thoughts on that:

1. You can install the security/openssl port and add "DEFAULT_VERSIONS+= ssl=openssl" to /etc/make.conf - this will make all apps use the newer (ports) version. The old OpenSSL, however, will still be present (as it's in base). Check here: https://wiki.freebsd.org/OpenSSL

2. Find a way to make httpd use the path to the old version. This will require custom compilation.

It should be possible but still... I can't think of a reason that a website should be dependent on the transport layer below it. I guess it communicates with some old software on another server? Maybe it's time for a software upgrade :)

SSL is insecure.
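One way to check the outcome of step 1, as an added example that is not part of the original post: after rebuilding a port such as Exim, classify its `ldd` output to see whether it links the ports OpenSSL or still the base copy. The function name and the sample `ldd` listings are constructed for illustration, and the ports prefix is assumed to be the default /usr/local.

```sh
#!/bin/sh
# Report which OpenSSL a binary is linked against, reading `ldd` output on stdin.
#   base = /lib, /usr/lib (shipped with FreeBSD)   ports = /usr/local/lib (assumed prefix)
classify_ssl_linkage() {
    awk '
        # ldd line format: "libssl.so.5 => /usr/lib/libssl.so.5 (0x...)"
        $1 ~ /^lib(ssl|crypto)\.so/ && $2 == "=>" {
            if ($3 == "not")                      missing++   # "=> not found"
            else if ($3 ~ /^\/usr\/local\/lib\//) ports++
            else if ($3 ~ /^(\/usr)?\/lib\//)     base++
            else                                  other++
        }
        END {
            if (missing > 0)                          print "missing"
            else if (ports + base + other == 0)       print "none"
            else if (ports > 0 && base + other == 0)  print "ports"
            else if (base > 0 && ports + other == 0)  print "base"
            else                                      print "mixed"  # two copies, or a nonstandard path
        }'
}

# Constructed sample: binary built before the make.conf change.
sample_base() {
    cat <<'EOF'
/usr/local/sbin/exim:
	libssl.so.5 => /usr/lib/libssl.so.5 (0x2819f000)
	libcrypto.so.5 => /lib/libcrypto.so.5 (0x281e0000)
	libc.so.7 => /lib/libc.so.7 (0x28331000)
EOF
}
# Constructed sample: libssl from ports, libcrypto still from base.
sample_mixed() {
    cat <<'EOF'
	libssl.so.8 => /usr/local/lib/libssl.so.8 (0x2819f000)
	libcrypto.so.5 => /lib/libcrypto.so.5 (0x281e0000)
EOF
}
# Constructed sample: both libraries from ports.
sample_ports() {
    cat <<'EOF'
	libssl.so.8 => /usr/local/lib/libssl.so.8 (0x2819f000)
	libcrypto.so.8 => /usr/local/lib/libcrypto.so.8 (0x281e0000)
EOF
}

# Real use: sh this-script /usr/local/sbin/exim
if [ $# -gt 0 ]; then ldd "$1" | classify_ssl_linkage; fi
```

A result of "base" or "mixed" after the rebuild means the binary still loads the base system's OpenSSL for at least one library.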
 

IT_Architect

> Here are my thoughts on that... I can't think of a reason that a website should be dependent on the transport layer below it. I guess it communicates with some old software on another server? Maybe it's time for software upgrade :) SSL is insecure.

I believe you understand this better than I. What you just said makes sense. I need to think about it. As far as updating the software, the company went out of business and there isn't anything out there like it to replace it. We are looking at another angle though.

Thanks!
 

wattie

Did you ever try to migrate the website to a newer server with a TLS connection at all?

I don't mean to upgrade it to a newer PHP version for example - no, that probably won't work as there will be many deprecated and changed functions, etc. But you can still run old PHP (let's say 5.3 for example) with the newest Apache and newest OpenSSL on the newest OS. That's not a problem.

I can't really find a good reason for a regular website to not accept an upgrade to TLS. Actually, for a long time TLS was backwards compatible with SSL 3.0.
 