Upgrading SLES and OpenSSL to support TLS 1.2

allisonc · February 8, 2016, 4:52pm

On our servers, we currently have SLES 11 installed. From what I have gathered so far, we will need to go from 11->11SP1->11S2->11SP3->11SP4. The main reason we are upgrading at this point is that we need to upgrade OpenSSL. We are currently using version 0.9.8h. Will 11SP4 support the latest version of OpenSSL? We ultimately need to support TLS 1.2.

Thank you

ab1 · February 8, 2016, 5:58pm

Major changes of packages are usually not done unless the major version of
the system changes. In your case, you’re moving from SP to SP, which is
meant to primarily address fixes, so getting openssl 1.x does not happen
by default.

If you want the latest version of openssl by default for your entire
server, your best option is probably to just upgrade to SLES 12 (SLES 12
SP1 is current). Also keep in mind that just because openssl is updated
to 1.0.x does not mean that all applications within the system will
support TLS 1.2 (Apache httpd, Apache Tomcat, postfix, etc.) so those may
also need to be upgraded, which would happen as part of SLES 12 SP1.

In the meantime, if you cannot go to SLES 12, SUSE created a separate
channel that will essentially let you add openssl 1.0.x to your existing
servers, depending on SP. The module was released in 2014, and you can
start learning about it here:
https://www.suse.com/communities/blog/introducing-the-suse-linux-enterprise-11-security-module/

–
Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below…

smflood · February 9, 2016, 2:28pm

On 08/02/2016 15:58, ab wrote:
[color=blue]

In the meantime, if you cannot go to SLES 12, SUSE created a separate
channel that will essentially let you add openssl 1.0.x to your existing
servers, depending on SP. The module was released in 2014, and you can
start learning about it here:
https://www.suse.com/communities/blog/introducing-the-suse-linux-enterprise-11-security-module/[/color]

From the first paragraph of the above article

“SUSE has released the âSUSE Linux Enterprise 11 Security Moduleâ,
providing enhancements to SUSE Linux Enterprise 11 SP3 …”

so you will need to at least upgrade from SLES11 to SLES11 SP1 then
SLES11 SP2 and finally SLES11 SP3. However given that SLES11 SP3 is out
of General Support I’d also upgrade to SLES11 SP4, particularly if
you’re worried about security.

HTH.

Simon
SUSE Knowledge Partner

Topic		Replies	Views
TLS 1.2 on SLES 11 (SP4) SLES Configure-Administer	1	611	November 16, 2016
Openssl 1.1 for SUSE 11 SP3 ? SLES Updates	4	223	January 12, 2015
SLES 12 SP 1 - openssl version (upgrade) SLES Updates	4	328	February 11, 2016
Openssl version for TLS 1.2 SLES Configure-Administer	3	388	April 16, 2018
SLES 11 SP4 with Python and TLS 1.2 SLES Updates	1	462	January 17, 2020

Upgrading SLES and OpenSSL to support TLS 1.2

HTH.

If you find this post helpful and are logged into the web interface, please show your appreciation and click on the star below. Thanks.

Related topics

If you find this post helpful and are logged into the web interface,
please show your appreciation and click on the star below. Thanks.