Updating openssl

By replacing openssl using a simple make config && make && make install means that you also lose the ability to use rpm to manage that package and perform queries on it (e.g.verifying all the files are present and haven't been modified or had permissions changed without also updating the RPM database).The Common Vulnerabilities and exposures project identifies the following issues: It is not bad as the heartbleed openssl bug disclosed in April 2014 in the Open SSL cryptography library.

updating openssl-19updating openssl-41

When you update Open SSL, the software that currently has the ssl libraries loaded in memory do not automatically load the updated libraries.The Change Cipher Spec (CCS) Injection Vulnerability is a moderately severe vulnerability in Open SSL, known formally as “SSL/TLS MITM vulnerability (CVE-2014-0224)“.As of June 05, 2014, a security advisory was released by Open SSL.org, along with versions of Open SSL that fix this vulnerability.Replacing Open SSL with the latest version from upstream (i.e.1.0.1g) runs the risk of introducing functionality changes which may break compatibility with applications/clients in unpredictable ways, causes your system to diverge from RHEL, and puts you on the hook for personally maintaining future updates to that package.Here is the INSTALL documentation: $ ./config $ make $ make test $ make install [If any of these steps fails, see section Installation in Detail below.] This will build and install Open SSL in the default location, which is (for historical reasons) /usr/local/ssl.


Leave a Reply