Author Topic: Updating cURL and OpenSSL/1.0.2k-fips  (Read 2338 times)

0 Members and 2 Guests are viewing this topic.

Offline
*
Updating cURL and OpenSSL/1.0.2k-fips
« on: June 01, 2023, 10:30:22 PM »
Hello

I have updated my curl version by following https://wiki.centos-webpanel.com/update-curl-to-latest-version-in-centos

but now i have a worse problem that is.
(http_request_failed) cURL error 35: OpenSSL/1.0.2k-fips: error:1407742E:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert protocol version

Now you have an outdated version of Openssl, how can I solve this.

Offline
*****
Re: Updating cURL and OpenSSL/1.0.2k-fips
« Reply #1 on: June 02, 2023, 01:26:14 AM »
What OS version? CentOS 7.9 or something else?

Offline
*
Re: Updating cURL and OpenSSL/1.0.2k-fips
« Reply #2 on: June 02, 2023, 01:50:06 AM »
CPU Model: AMD EPYC 7282 16-Core Processor
CPU Details: 6 Core (2795 MHz)
Distro Name: CentOS Linux release 7.9.2009 (Core)
Kernel Version: 3.10.0-1160.90.1.el7.x86_64
Platform: x86_64 kvm

VPS contabo

Offline
*****
Re: Updating cURL and OpenSSL/1.0.2k-fips
« Reply #3 on: June 02, 2023, 01:56:31 AM »
Code: [Select]
$ yum info openssl
Loaded plugins: fastestmirror
Determining fastest mirrors
 * base: la.mirrors.clouvider.net
 * epel: irltoolkit.mm.fcix.net
 * extras: linux.mirrors.es.net
 * updates: mirrors.oit.uci.edu
Installed Packages
Name        : openssl
Arch        : x86_64
Epoch       : 1
Version     : 1.0.2k
Release     : 26.el7_9
Size        : 814 k
Repo        : installed
From repo   : updates
Summary     : Utilities from the general purpose cryptography library with TLS implementation
URL         : http://www.openssl.org/
License     : OpenSSL
Description : The OpenSSL toolkit provides support for secure communications between
            : machines. OpenSSL includes a certificate management tool and shared
            : libraries which provide various cryptographic algorithms and
            : protocols.
https://webhostinggeeks.com/howto/install-update-openssl-centos/

Offline
*
Re: Updating cURL and OpenSSL/1.0.2k-fips
« Reply #4 on: June 02, 2023, 02:11:31 AM »
I'm going to follow the tutorial, if you have any other recommendations that would be great. thank you

Offline
*****
Re: Updating cURL and OpenSSL/1.0.2k-fips
« Reply #5 on: June 02, 2023, 02:17:55 AM »
Quote
Note: The latest stable version is the 3.1 series supported until 14th March 2025. Also available is the 3.0 series which is a Long Term Support (LTS) version and is supported until 7th September 2026. The previous LTS version (the 1.1.1 series) is also available and is supported until 11th September 2023. All older versions (including 1.1.0, 1.0.2, 1.0.0 and 0.9.8) are now out of support and should not be used. Users of these older versions are encouraged to upgrade to 3.1 or 3.0 as soon as possible. Extended support for 1.0.2 to gain access to security fixes for that version is available.
Off the cuff, I would suggest shooting for the 1.1.1 version upgrade, as it is supported until September 2023. It is unlikely to break things in the CWP stack which depend on the 1.0.x code branch. I don't know how much the 3.1 or 3.0 branch is as a drop-in replacement under CentOS 7.9 and the CWP stack -- so proceed at your own risk!

Offline
*
Re: Updating cURL and OpenSSL/1.0.2k-fips
« Reply #6 on: June 02, 2023, 02:39:24 AM »
for some reason it didn't work for me, but thanks for your help

[~]# openssl version
OpenSSL 1.1.1k  25 Mar 2021

[ ~]# yum info openssl
Name        : openssl
Arch        : x86_64
Epoch       : 1
Version     : 1.0.2k
Release     : 26.el7_9
Size        : 814 k
Repo        : installed
From repo   : updates
Summary     : Utilities from the general purpose cryptography library
            : with TLS implementation
URL         : http://www.openssl.org/
License     : OpenSSL
Description : The OpenSSL toolkit provides support for secure
            : communications between machines. OpenSSL includes a
            : certificate management tool and shared libraries which
            : provide various cryptographic algorithms and protocols.

Offline
*****
Re: Updating cURL and OpenSSL/1.0.2k-fips
« Reply #7 on: June 02, 2023, 01:26:05 PM »
Do you mean you successfully updated OpenSSL to 1.1.1k but it didn't get rid of your curl error?
Or do you mean that updating to OpenSSL 1.1.1k hosed the whole system (too many dependencies, not compatible with the CWP stack)? I'm curious because I would upgrade my OpenSSL to 1.1.1 if I knew it worked with CWP. Then I would probably ride like that until I ditch CentOS 7 in spring of 2024.

Offline
*
Re: Updating cURL and OpenSSL/1.0.2k-fips
« Reply #8 on: June 03, 2023, 04:08:02 AM »
Correct openssl version is updated, but cURL remains the same, shows OpenSSL/1.0.2k-fips: