CentOS 7.4 to ship with TLS 1.2 + ALPN


Mattias Geniar, May 19, 2017


Oh happy days!

I’ve long been tracking the “Bug 1276310 – (rhel7-openssl1.0.2) RFE: Need OpenSSL 1.0.2” issue, where Red Hat users are asking for an updated version of the OpenSSL package, mainly to get TLS 1.2 and ALPN.

_openssl_ rebased to version 1.0.2k

The _openssl_ package has been updated to upstream version 1.0.2k, which provides a number of enhancements, new features, and bug fixes, including:

  • Added support for the datagram TLS (DTLS) protocol version 1.2.

  • Added support for the TLS automatic elliptic curve selection.

  • Added support for the Application-Layer Protocol Negotiation (ALPN).

  • Added Cryptographic Message Syntax (CMS) support for the following schemes: RSA-PSS, RSA-OAEP, ECDH, and X9.42 DH.

Note that this version is compatible with the API and ABI in the _OpenSSL_ library version in previous releases of Red Hat Enterprise Linux 7.

RFE: Need OpenSSL 1.0.2

ALPN support matters because the Chrome browser depends on server-side ALPN to support HTTP/2. Without it, Chrome users don’t get to use HTTP/2 on your servers.

The newly updated packages for OpenSSL are targeting the RHEL 7.4 release, which – as far as I’m aware – has no scheduled release date yet. But I’ll be waiting for it!

As soon as RHEL 7.4 is released, we should expect a CentOS 7.4 release soon after.
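
One way to verify both halves of this once the update lands, as an added example that is not from the original post: check that the local OpenSSL is at least 1.0.2, then see which protocol a server selects through ALPN. The function names and the sample `openssl version` and `s_client` strings are constructed for illustration, and `check_host` needs network access.

```shell
#!/bin/sh
# Added example; function names and sample strings are constructed.

# Succeeds when an `openssl version` line reports 1.0.2 or later,
# the first upstream release series with ALPN support.
openssl_has_alpn() {
    printf '%s\n' "$1" | awk '{
        split($2, v, ".")   # "1.0.2k-fips" -> v[1]=1, v[2]=0, v[3]="2k-fips"
        n = v[1] * 10000 + v[2] * 100 + (v[3] + 0)   # "2k-fips" + 0 gives 2
        exit (n >= 10002 ? 0 : 1)
    }'
}

# Reads `openssl s_client` output on stdin and prints the protocol the
# server selected through ALPN; prints nothing if none was negotiated.
negotiated_alpn() {
    awk '/^ALPN protocol: / { sub(/^ALPN protocol: /, ""); print; exit }'
}

# Live check (needs network): offer h2 and http/1.1, report what was chosen.
# Usage: check_host www.example.com[:443]
check_host() {
    openssl_has_alpn "$(openssl version)" || { echo "local OpenSSL lacks ALPN" >&2; return 2; }
    host=${1%%:*}
    case $1 in *:*) port=${1##*:} ;; *) port=443 ;; esac
    proto=$(openssl s_client -alpn h2,http/1.1 -servername "$host" \
        -connect "$host:$port" </dev/null 2>/dev/null | negotiated_alpn)
    if [ "$proto" = "h2" ]; then
        echo "$host:$port selected h2: HTTP/2 is available to ALPN-only clients"
    else
        echo "$host:$port selected '${proto:-nothing}': no HTTP/2 via ALPN"
        return 1
    fi
}

# Constructed excerpts of s_client output, with and without ALPN.
SAMPLE_H2='Compression: NONE
Expansion: NONE
ALPN protocol: h2
SSL-Session:'
SAMPLE_NONE='Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:'

# Run against a host only when one is given on the command line.
[ "$#" -eq 0 ] || check_host "$1"
```

A server that selects `h2` here also needs its web server built against the ALPN-capable OpenSSL; updating the package alone does not change what an already-running daemon offers until it is restarted.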


