CentOS 7.4 to ship with TLS 1.2 + ALPN

Tired of the privacy invasion of browsers? Worried about the risk of seeing ads everywhere? Give the Brave Browser a try. All Chrome extensions are compatible. None of the telemetry. Auto-blocks ads and still support content creators like me.

Download the Brave browser now »

Profile image of Mattias Geniar

Mattias Geniar, May 19, 2017

Follow me on Twitter as @mattiasgeniar

Oh happy days!

I’ve long been tracking the “Bug 1276310 – (rhel7-openssl1.0.2) RFE: Need OpenSSL 1.0.2” issue, where Red Hat users are asking for an updated version of the OpenSSL package. Mainly to get TLS 1.2 and ALPN.

_openssl_ rebased to version 1.0.2k

The _openssl_ package has been updated to upstream version 1.0.2k, which provides a number of enhancements, new features, and bug fixes, including:

  • Added support for the datagram TLS (DTLS) protocol version 1.2.

  • Added support for the TLS automatic elliptic curve selection.

  • Added support for the Application-Layer Protocol Negotiation (ALPN).

  • Added Cryptographic Message Syntax (CMS) support for the following schemes: RSA-PSS, RSA-OAEP, ECDH, and X9.42 DH.

Note that this version is compatible with the API and ABI in the *OpenSSL* library version in previous releases of Red Hat Enterprise Linux 7.

RFE: Need OpenSSL 1.0.2

The ALPN support is needed because in the Chrome browser, server-side ALPN support is a dependency to support HTTP/2. Without it, Chrome users don’t get to use HTTP/2 on your servers.

The newly updated packages for OpenSSL are targeting the RHEL 7.4 release, which – as far as I’m aware – has no scheduled release date yet. But I’ll be waiting for it!

As soon as RHEL 7.4 is released, we should expect a CentOS 7.4 release soon after.



Want to subscribe to the cron.weekly newsletter?

I write a weekly-ish newsletter on Linux, open source & webdevelopment called cron.weekly.

It features the latest news, guides & tutorials and new open source projects. You can sign up via email below.

No spam. Just some good, practical Linux & open source content.