Want to subscribe to topics you're interested in?
Become a Member

Security September 2016: LibreSSL 2.4.3 Released

Discussion in 'CentOS, Redhat & Oracle Linux News' started by eva2000, Sep 22, 2016.

  1. eva2000

    eva2000 Administrator Staff Member

    30,850
    6,904
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,394
    Local Time:
    9:37 PM
    Nginx 1.13.x
    MariaDB 5.5

    Centmin Mod + LibreSSL 2.4.3



    LibreSSL 2.4.3 is now latest stable release http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.4.3-relnotes.txt:

    Centmin Mod 123.08stable and 123.09beta01 Github branches corresponding to Centmin Mod 1.2.3-eva2000.08 stable and Centmin Mod 1.2.3-eva2000.09 beta01 have been updated to default to LibreSSL 2.4.3 for new fresh installs. For existing folks, follow below update instructions.

    Centmin Mod Nginx Update LibreSSL



    For Centmin Mod 1.2.3-eva2000.08 beta03, .08 stable and higher you can update to LibreSSL 2.4.3 via 2 steps.

    Step 1. Updating centmin.sh LIBRESSL_VERSION variable to 2.4.3. Best way is to use centmin.sh menu option 23 submenu option 2 for auto updating Centmin Mod code as outlined at centminmod.com/upgrade.html and at https://community.centminmod.com/threads/new-08-beta-menu-option-updating-centmin-mod-via-git.3084/. That will auto update centmin.sh to latest version which already has LIBRESSL_VERSION='2.4.3' set.

    Check your updated Centmin Mod centmin.sh to see if LIBRESSL_VERSION='2.4.3' is set. If not set and you do not have centmin.sh menu option 23 submenu option 1 for git environment setup, then you need to manually update and edit in your persistent config file (create it if it doesn't exist) at /etc/centminmod/custom_config.inc and add to it:

    Code (Text):
    # LibreSSL
    LIBRESSL_SWITCH='y'        # if set to 'y' it overrides OpenSSL as the default static compiled option for Nginx server
    LIBRESSL_VERSION='2.4.3'   # Use this version of LibreSSL http://www.libressl.org/


    Step 2. Then select centmin.sh menu option #4 to upgrade/downgrade Nginx recompile Nginx and specify latest Nginx version i.e. 1.11.4+ or newer.

    For example after recompile Nginx version output will show built with LibreSSL 2.4.3

    for 123.09 beta01 with NGINXMODULE_ALTORDER=y enabled

    LibreSSL 2.4.3



    You'll find latest LibreSSL 2.4.3 on official site.
     
  2. eva2000

    eva2000 Administrator Staff Member

    30,850
    6,904
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,394
    Local Time:
    9:37 PM
    Nginx 1.13.x
    MariaDB 5.5
    Release notes for LibreSSL 2.4.3 http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.4.3-relnotes.txt

     
  3. eva2000

    eva2000 Administrator Staff Member

    30,850
    6,904
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,394
    Local Time:
    9:37 PM
    Nginx 1.13.x
    MariaDB 5.5
    FYI, LibreSSL 2.4.3 is stable release which you should stick with. However, LibreSSL 2.5.0 latest dev release is also out with some nice changes http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.5.0-relnotes.txt :)

    LibreSSL 2.5.0 compiles fine setting in persistent config file at /etc/centminmod/custom_config.inc BEFORE running centmin.sh menu option 4 to recompile Nginx 1.11.4
    Code (Text):
    LIBRESSL_VERSION='2.5.0'
    

     
  4. Sunka

    Sunka Active Member

    931
    242
    43
    Oct 31, 2015
    Rijeka, Croatia
    Ratings:
    +392
    Local Time:
    12:37 PM
    Nginx 1.13.3
    MariaDB 10.1.24
    Done.
    Thanks @eva2000

     
    • Like Like x 1
  5. arlon

    arlon Member

    83
    6
    8
    Feb 20, 2016
    Ratings:
    +11
    Local Time:
    6:37 PM
    1.13.6
    10.1
    im using nginx 1.10.1
    should i recompile too?
     
  6. eva2000

    eva2000 Administrator Staff Member

    30,850
    6,904
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,394
    Local Time:
    9:37 PM
    Nginx 1.13.x
    MariaDB 5.5
    yes Nginx 1.11.4 is lastest :)