Why rhel 5/Apache doesn't support TLS1.1 n 1.2

Unix unixadm28 at gmail.com
Tue Mar 17 13:38:53 UTC 2015 

Wondering how I can effectively disable SSLv3 n TLSv1 from rhel5.11 Apache web server?

Sent from my iPhone

> On Mar 17, 2015, at 8:48 AM, Fernando Lozano <fernando at lozano.eti.br> wrote:
> 
> Hi Versha,
>>  
>> Brief context from our side:
>> We are basically using RHEL6 for our build infrastructure, and as a part of Vulnerability management we found  that Subversion1.6 is no longer supported by Apache and we need to upgrade it to a higher version like 1.7 or 1.8 . 
>> That is why I was looking forward for some authentic information to proceed with a proper reason in this area.
> Subversion 1.6 may not be supported anymore by Apache Foundation, but it is supported by Red Hat itself. If there's any security or stability fix released for newer Subversion, Red Hat has a contractual agreement with you to backport those fixes to the older Subversion included in RHEL. This is part of your subscription.
> 
> From a legal standpoint Red Hat support is better than Apache support because the first is assured by a contract (your subscription agreement) and comes with well defined SLA terms. Apache support provides no assurances. Do you have a support contract with Apache Foundation? You as a Red Hat customer can open support tickets for subversion and Red Hat may well develop fixes and patches itself, before Apache. Those patches will later be submitted to Apache so they become part of the upstream Subversion.
> 
> You can check if you downloaded the lastest Subversion updated released by Red Hat and use:
> # rpm -i --changelog subversion | grep -i cve 
> to look for specific vulnerabilities fixed and so you can prove you already have vulnerabilities fixed by newer Subversion from Apache.
> 
>>  
>> Also, do you have any idea when Redhat  is going to have a higher version of apache Subversion in near future? J
> As someone already explained, the stability / compability / certification assurance from your RHEL subscription implies Red Hat will only update major versions of most packages on a new RHEL series. So you'd have to move to RHEL7 if you really need a newer subversion, but If your problem is just satisfying a security audit you should be fine with RHEL6 updates.
> 
> Someone also already explained you can get a (free?) subscription to software collections to get newer releases for some packages, but I don't know if those include Subversion and if those are subject to the same support terms as regular RHEL packages.
> 
> 
> []s, Fernando Lozano
> 
> --
> redhat-sysadmin-list mailing list
> redhat-sysadmin-list at redhat.com
> https://www.redhat.com/mailman/listinfo/redhat-sysadmin-list
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/redhat-sysadmin-list/attachments/20150317/329a36f6/attachment.htm>

More information about the redhat-sysadmin-list mailing list