CentOS 7.4 to ship with TLS 1.2 + ALPN

Oh Dear monitors your entire site, not just the homepage. We crawl and search for broken pages and mixed content, send alerts when your site is down and notify you on expiring SSL certificates.

Start your free 10 day trial! »

Profile image of Mattias Geniar

Mattias Geniar, May 19, 2017

Follow me on Twitter as @mattiasgeniar

Oh happy days!

I’ve long been tracking the “Bug 1276310 – (rhel7-openssl1.0.2) RFE: Need OpenSSL 1.0.2” issue, where Red Hat users are asking for an updated version of the OpenSSL package. Mainly to get TLS 1.2 and ALPN.

_openssl_ rebased to version 1.0.2k

The _openssl_ package has been updated to upstream version 1.0.2k, which provides a number of enhancements, new features, and bug fixes, including:

  • Added support for the datagram TLS (DTLS) protocol version 1.2.

  • Added support for the TLS automatic elliptic curve selection.

  • Added support for the Application-Layer Protocol Negotiation (ALPN).

  • Added Cryptographic Message Syntax (CMS) support for the following schemes: RSA-PSS, RSA-OAEP, ECDH, and X9.42 DH.

Note that this version is compatible with the API and ABI in the *OpenSSL* library version in previous releases of Red Hat Enterprise Linux 7.

RFE: Need OpenSSL 1.0.2

The ALPN support is needed because in the Chrome browser, server-side ALPN support is a dependency to support HTTP/2. Without it, Chrome users don’t get to use HTTP/2 on your servers.

The newly updated packages for OpenSSL are targeting the RHEL 7.4 release, which – as far as I’m aware – has no scheduled release date yet. But I’ll be waiting for it!

As soon as RHEL 7.4 is released, we should expect a CentOS 7.4 release soon after.



Want to subscribe to the cron.weekly newsletter?

I write a weekly-ish newsletter on Linux, open source & webdevelopment called cron.weekly.

It features the latest news, guides & tutorials and new open source projects. You can sign up via email below.

No spam. Just some good, practical Linux & open source content.