May 2016 Archives
2016-05-28 18:51:17
RHEL 5 RPM packages with SSL enhancements
Some RPM packages in the tuxad repo got SSL improvements (compiled against the openssl1 package). Most changes were made in the Apache package:
httpd-2.2.3-91.1.el5_11.rpm
- recompiled against openssl1 package (ported from RHEL 6)
- requires openldap-openssl1
- use bigger DH params
- some secure basic options for SSL_CTX_set_options() hardcoded
- basic ECDH support
- improved default SSLCipherSuite in ssl.conf
- configurable DH params by SSLDhParamsFile config option
- weekly cronjob for updating dh2048.pem
postfix-2.3.3-7.tls1.el5_11
- bigger DH params
- disable TLS compression and enable cipher server preference
- basic ECDH support
dovecot-1.0.7-9.4.log.dh2
In March dovecot got basic ECDH support and support for refreshable and bigger DH params. The latest change was disabling compression and enabling cipher server preference.
new packages
New packages are ucspi-ssl (with the same SSL improvements as the other packages) and a tiny script, ssltest.sh, for getting the cipher list and DH params of a server.
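One way to check a server for the settings listed in this post (DH parameter size, TLS compression, an ephemeral key exchange) is to parse the handshake summary from `openssl s_client`. This is an added example, not the ssltest.sh from the tuxad repo; the function name, the 2048-bit threshold and the sample output are assumptions, and it expects a client that prints the `Server Temp Key` line (OpenSSL 1.0.2 or later).

```shell
#!/bin/sh
# Added example: audit the summary `openssl s_client` prints after a handshake.
# Live use against a server you operate (HOST:PORT is a placeholder):
#   openssl s_client -connect HOST:PORT </dev/null 2>/dev/null | audit_handshake
# Prints one line per finding; returns 0 when clean, 1 when something is flagged.
MIN_DH_BITS=2048   # assumption: threshold taken from the dh2048.pem file name

audit_handshake() {
    awk -v min="$MIN_DH_BITS" '
        /Server Temp Key:/ {
            kind = $4; sub(/,$/, "", kind)   # "DH", "ECDH", ...
            bits = $(NF - 1)                 # line ends in "<n> bits"
            if (kind == "DH" && bits + 0 < min + 0) {
                print "WEAK-DH: " bits " bit DH params, want >= " min
                bad = 1
            }
        }
        /^ *Compression:/ {
            # s_client reports compression twice; flag it only once.
            if ($2 != "NONE" && !comp) {
                print "COMPRESSION: TLS compression is enabled"
                comp = 1; bad = 1
            }
        }
        /^ *Cipher *:/ {
            # In TLS 1.2 and older only DHE/ECDHE suites are forward secret.
            if ($NF !~ /^(ECDHE|DHE)-/ && $NF !~ /^TLS_/) {
                print "NO-PFS: negotiated " $NF
                bad = 1
            }
        }
        END { exit bad + 0 }'
}

# Constructed samples (not captured from a real server).
SAMPLE_WEAK='Server Temp Key: DH, 1024 bits
Compression: zlib compression
    Cipher    : DHE-RSA-AES256-SHA'
SAMPLE_GOOD='Server Temp Key: ECDH, P-256, 256 bits
Compression: NONE
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384'

printf '%s\n' "$SAMPLE_WEAK" | audit_handshake || true
```

A single connection only shows the suite negotiated with the local client's preference list, so the result depends on the OpenSSL build used for the test.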
Posted by Frank W. Bergmann | Permanent link | File under: ssl, encryption, rpm, yum, repository, redhat, openssl, http, apache, smtp