Bug 1266610

Summary: openssl and curl support up to TLSv1 only in RHEL5
Product: Red Hat Enterprise Linux 5 Reporter: Mike Green <mgreen>
Component: opensslAssignee: Tomas Mraz <tmraz>
Status: CLOSED CANTFIX QA Contact: BaseOS QE Security Team <qe-baseos-security>
Severity: high Docs Contact:
Priority: unspecified    
Version: 5.11   
Target Milestone: rc   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2015-09-29 07:25:36 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Mike Green 2015-09-25 20:18:05 UTC 
Description of problem:
In RHEL5x, both openssl and curl do not support anything higher than TLSv1.
Our credit card processor is requiring TLSv1_1 or higher by June of 2016 for PCI 3.x compliance.

Version-Release number of selected component (if applicable):
Red Hat Enterprise Linux Server release 5.11 (Tikanga)
openssl.x86_64                      0.9.8e-36.el5_11
curl.x86_64                         7.15.5-17.el5_9

How reproducible:
grep "CURL.*TLSv.*" /usr/include/curl/curl.h
CURL_SSLVERSION_TLSv1,

sudo openssl s_client -connect testgate.viaconex.com:443< 
http://testgate.viaconex.com:443><http://testgate.viaconex.com:443>
-tls1_2

unknown option -tls1_2
usage: s_client args

....lines omitted...
-ssl2         - just use SSLv2
-ssl3         - just use SSLv3
-tls1         - just use TLSv1
-dtls1        - just use DTLSv1
Comment 1 Tomas Mraz 2015-09-29 07:25:36 UTC 
Please see https://access.redhat.com/solutions/1609823