Before adding the Microsoft repo, I first applied the pending patches, rebooted, added the repo, then installed unixodbc and mssqlodbc, and the whole process was flawless.
We just faced the problem when trying to install unixodbc and msodbc on our QAS server; when trying to add the repo we get the message reported:
-host host - use -connect instead
-port port - use -connect instead
-connect host:port - who to connect to (default is localhost:4433)
-verify depth - turn on peer certificate verification
-cert arg - certificate file to use, PEM format assumed
-certform arg - certificate format (PEM or DER) PEM default
-key arg - Private key file to use, in cert file if
not specified but cert file is.
-keyform arg - key format (PEM or DER) PEM default
-pass arg - private key file pass phrase source
-CApath arg - PEM format directory of CA’s
-CAfile arg - PEM format file of CA’s
-reconnect - Drop and re-make the connection with the same Session-ID
-pause - sleep(1) after each read(2) and write(2) system call
-showcerts - show all certificates in the chain
-debug - extra output
-msg - Show protocol messages
-nbio_test - more ssl protocol testing
-state - print the ‘ssl’ states
-nbio - Run with non-blocking IO
-crlf - convert LF from terminal into CRLF
-quiet - no s_client output
-ign_eof - ignore input eof (default when -quiet)
-no_ign_eof - don’t ignore input eof
-ssl2 - just use SSLv2
-ssl3 - just use SSLv3
-tls1 - just use TLSv1
-dtls1 - just use DTLSv1
-fallback_scsv - send TLS_FALLBACK_SCSV
-mtu - set the MTU
-no_tls1/-no_ssl3/-no_ssl2 - turn off that protocol
-bugs - Switch on all SSL implementation bug workarounds
-serverpref - Use server’s cipher preferences (only SSLv2)
-cipher - preferred cipher to use, use the ‘openssl ciphers’
command to see what is available
-starttls prot - use the STARTTLS command before starting TLS
for those protocols that support it, where
‘prot’ defines which one to assume. Currently,
only “smtp”, “pop3”, “imap”, “ftp” and “xmpp”
are supported.
-engine id - Initialise and use the specified engine
-rand file:file:…
-sess_out arg - file to write SSL session to
-sess_in arg - file to read SSL session from
-servername host - Set TLS extension servername in ClientHello
-tlsextdebug - hex dump of all TLS extensions received
-status - request certificate status from server
-no_ticket - disable use of RFC4507bis session tickets
-legacy_renegotiation - enable use of legacy renegotiation (dangerous)
Sounds like my SUSE servers do not recognize the 1.2 version?
Now as soon as I get in the office I will review with our Network and Security Team our server configuration and restrictions.
Hi,
I reviewed the network configuration and connectivity with our Network and Security Team; both servers have no restrictions.
Hi
I would assume it’s SLE 11 SP3 openssl and maybe changes on the MS
server (SSL requirements).
I see in your options from the output there is no -tls1_N
On SLE 12 SP3 I see;
-ssl2 - just use SSLv2
-ssl3 - just use SSLv3
-tls1_2 - just use TLSv1.2
-tls1_1 - just use TLSv1.1
-tls1 - just use TLSv1
-dtls1 - just use DTLSv1
Can the system be upgraded?
–
Cheers Malcolm °¿° SUSE Knowledge Partner (Linux Counter #276890)
openSUSE Leap 42.2|GNOME 3.20.2|4.4.90-18.32-default
If you find this post helpful and are logged into the web interface,
please show your appreciation and click on the star below… Thanks!
After reviewing the SLES 11 SP4 news I found this note:
3.1 What’s New in SUSE Linux Enterprise Server 11 SP4
New CPU enablement, such as Intel® Xeon® processor E7-8800/4800 v3 product family, IBM z13 (z13), and IBM POWER8 BE.
Public Cloud module and Security module are now available for SP4. These modules are independent repository channels and are included in subscription without additional cost:
Public Cloud Module
The Public Cloud Module is a collection of tools that enables you to create and manage cloud images from the command line on SUSE Linux Enterprise Server. When building your own images with KIWI or SUSE Studio, initialization code specific to the target cloud is included in that image. The tools and initialization code in this module will be updated whenever a new version is ready, always giving you the freshest.
Security Module
The Security Module adds support for TLS 1.2 to the applications in the Security Module repository. This allows customers and partners to build TLS-1.2 compliant infrastructures beyond the HTTPS protocol.
Now I am planning to apply SP4 on my server, any advice?
Hi
Create a backup, and test
Hi
So can you download and access the files via the SLE 11 SP4 browser?
Maybe it’s something at the Microsoft end that’s changed?
–
Cheers Malcolm °¿° SUSE Knowledge Partner (Linux Counter #276890)
Yes, I can navigate using Firefox and view the files; it is very weird.
Let me elaborate a little bit: now I am using a VBox VM with SLES 11 SP4, fully registered and patched, to test.
If I connect using the cellular network, not our corporate network, the zypper ar works like a charm; on the other side, when using our corporate network the command fails. We are using Fortinet appliances, but everything is “open” in the Fortinet, the server runs free.
Could you please provide me some other test to validate the server connectivity?
Run wireshark or tcpdump, then run the openssl command with TLS 1.2
in another window and look at what’s happening over both connection
methods.
So I’m guessing the Fortinet devices firmware is all ok/up to date and
not silently dropping something?
–
Cheers Malcolm °¿° SUSE Knowledge Partner (Linux Counter #276890)
When trying to add the repo, it fails with the same error message reported in this forum.
In my openSUSE Leap 42.3 VM I got this version:
OpenSSL 1.0.2j-fips 26 sep 2016
In openSUSE I can add the repo with success!!! That means my problem with the Prod. SUSE server is the openssl version.
Do you know how I can install the latest openssl version in SLES for SAP 11 SP3 or SLES for SAP 11 SP4? Any workaround? The curl-openssl1 and wget-openssl1 do not work in SLES 11 SP3 and SP4.
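
The comparison made earlier in the thread between the two `openssl s_client` usage listings, and the version check on the Leap VM, as an added shell example that is not part of any post: it reports the highest TLS flag a usage listing offers and checks an `openssl version` line against 1.0.1, the first upstream release with TLS 1.2. The function names and the `--local` switch are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the thread): can this OpenSSL build offer TLS 1.2?

# Read `openssl s_client` usage text on stdin; print the highest TLS protocol
# flag it lists (tls1_3, tls1_2, tls1_1, tls1) or "none".
max_tls_flag() {
    usage=$(cat)
    for flag in tls1_3 tls1_2 tls1_1 tls1; do
        if printf '%s\n' "$usage" | grep -Eq "^[[:space:]]*-${flag}([[:space:]]|\$)"; then
            printf '%s\n' "$flag"
            return 0
        fi
    done
    printf 'none\n'
}

# Given an `openssl version` line, return 0 if the upstream release is >= 1.0.1
# (first OpenSSL release with TLS 1.1/1.2), 1 if older, 2 if unparseable.
# Vendor packages may differ from upstream, so the flag probe above decides.
version_has_tls12() {
    ver=$(printf '%s\n' "$1" |
        sed -n 's/^OpenSSL \([0-9][0-9]*\)\.\([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1 \2 \3/p')
    [ -n "$ver" ] || return 2
    set -- $ver
    [ "$1" -gt 1 ] && return 0
    [ "$1" -eq 1 ] && { [ "$2" -gt 0 ] || [ "$3" -ge 1 ]; } && return 0
    return 1
}

# Flag lines copied from the two outputs quoted in the thread.
SLE11_USAGE='-ssl3 - just use SSLv3
-tls1 - just use TLSv1
-dtls1 - just use DTLSv1
-no_tls1/-no_ssl3/-no_ssl2 - turn off that protocol'
SLE12_USAGE='-ssl3 - just use SSLv3
-tls1_2 - just use TLSv1.2
-tls1_1 - just use TLSv1.1
-tls1 - just use TLSv1'

echo "SLE 11 SP3 flags: $(printf '%s\n' "$SLE11_USAGE" | max_tls_flag)"
echo "SLE 12 SP3 flags: $(printf '%s\n' "$SLE12_USAGE" | max_tls_flag)"

# Probe the local binary only when asked. Older s_client builds print their
# usage text (on stderr) when given an option they do not know, hence 2>&1.
if [ "${1:-}" = "--local" ]; then
    openssl version
    echo "local flags: $(openssl s_client -help 2>&1 | max_tls_flag)"
fi
```

Run it with `--local` on the affected server to probe the installed binary; a result of `tls1` means the client cannot offer TLS 1.2 regardless of firewall settings.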