Welcome to Centmin Mod Community
Become a Member

Security CentOS updating for OpenSSL 1.0.2 testing feedback please

Discussion in 'CentOS, Redhat & Oracle Linux News' started by eva2000, Jan 24, 2015.

  1. eva2000

    eva2000 Administrator Staff Member

    53,488
    12,130
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,671
    Local Time:
    5:16 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Same time as OpenSSL 1.0.1l release there's a OpenSSL 1.0.2 released too. Folks give it a test and see if it compiles fine for your Centmin Mod LEMP setups :)

    Change Log for OpenSSL 1.0.2


    OpenSSL 1.0.2 testing on Centmin Mod 1.2.3-eva2000.07 stable via manual update for Centmin Mod Nginx static OpenSSL compile part outlined here.
     
  2. rdan

    rdan Well-Known Member

    5,439
    1,398
    113
    May 25, 2014
    Ratings:
    +2,187
    Local Time:
    3:16 AM
    Mainline
    10.2
    Works fine on my LIVE Server :D
     
  3. eva2000

    eva2000 Administrator Staff Member

    53,488
    12,130
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,671
    Local Time:
    5:16 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
  4. rdan

    rdan Well-Known Member

    5,439
    1,398
    113
    May 25, 2014
    Ratings:
    +2,187
    Local Time:
    3:16 AM
    Mainline
    10.2
    CLOUDFLARE_PATCHSSL='y'
    Yes.
     
  5. rdan

    rdan Well-Known Member

    5,439
    1,398
    113
    May 25, 2014
    Ratings:
    +2,187
    Local Time:
    3:16 AM
    Mainline
    10.2
  6. eva2000

    eva2000 Administrator Staff Member

    53,488
    12,130
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,671
    Local Time:
    5:16 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Testing system OpenSSL 1.0.1e-30.el6_6.5 vs OpenSSL 1.0.2 static compiled into Centmin Mod Nginx
    Code:
    openssl speed ecdsap224 ecdsap256
    
    /svr-setup/openssl-1.0.2/.openssl/bin/openssl speed ecdsap224 ecdsap256
    Not sure if it makes much difference for most folks using SSL certificates with RSA 2048bit as it would only apply to ECC 256 bit (ECDSA) based SSL certificate usage ? SSL - ECC 256 bit vs RSA 2048 bit SSL | Centmin Mod Community

    My test site at sslspdy.com is using ECC 256 bit SSL certificate with ECDSA signature algorithm :)
     
    Last edited: Jan 24, 2015
  7. rdan

    rdan Well-Known Member

    5,439
    1,398
    113
    May 25, 2014
    Ratings:
    +2,187
    Local Time:
    3:16 AM
    Mainline
    10.2
    I will run this on Terminal?
    Code:
    /home/svr-setup/openssl-1.0.2/.openssl/bin/openssl speed ecdsap224 ecdsap256
     
  8. eva2000

    eva2000 Administrator Staff Member

    53,488
    12,130
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,671
    Local Time:
    5:16 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    yup
     
  9. rdan

    rdan Well-Known Member

    5,439
    1,398
    113
    May 25, 2014
    Ratings:
    +2,187
    Local Time:
    3:16 AM
    Mainline
    10.2
    Sad thing I already clean it up :(
    # /home/svr-setup/openssl-1.0.2/.openssl/bin/openssl speed ecdsap224 ecdsap256
    -bash: /home/svr-setup/openssl-1.0.2/.openssl/bin/openssl: No such file or directory


    After I upgrade nginx :D
     
  10. eva2000

    eva2000 Administrator Staff Member

    53,488
    12,130
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,671
    Local Time:
    5:16 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    haha, meant to keep them there as Centmin Mod uses ccache for compiler caching, should speed up reinstalls of same version source recompiled software by up to 60% faster than non-cached ccache normal source recompiles
     
  11. rdan

    rdan Well-Known Member

    5,439
    1,398
    113
    May 25, 2014
    Ratings:
    +2,187
    Local Time:
    3:16 AM
    Mainline
    10.2
    :D
    From now on, I will :D

    I also change my /svr-setup/ to /home/svr-setup/, that's fine?
     
  12. eva2000

    eva2000 Administrator Staff Member

    53,488
    12,130
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,671
    Local Time:
    5:16 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    should be :)
     
  13. eva2000

    eva2000 Administrator Staff Member

    53,488
    12,130
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,671
    Local Time:
    5:16 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+