Updated openssl packages that fix various bugs are now available.
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)
and Transport Layer Security (TLS v1) protocols, as well as a full-strength
general purpose cryptography library.
These updated packages fix the following bugs:
* by default, zlib compression is used for SSL and TLS connections. On
IBM System z architectures with Central Processor Assist for Cryptographic
Function (CPACF), compression became the main part of the CPU load, and
total performance was determined by the speed of the compression, not the
speed of the encryption. When compression is disabled, the total
performance is much higher. In these updated packages, zlib compression for
SSL and TLS connections can be disabled with the "OPENSSL_NO_DEFAULT_ZLIB"
environment variable. For TLS connections over a slow network, it is better
to leave compression on, so that the amount of data to be transferred is
lower.
* when using the "openssl" command with the "s_client" and "s_server"
options, the default CA certificates file,
"/etc/pki/tls/certs/ca-bundle.crt", was not read. This resulted in
certificates failing verification. In order for certificates to pass
verification, the "-CAfile /etc/pki/tls/certs/ca-bundle.crt" option had to
be used. In these updated packages, the default CA certificates file is
read, and no longer needs to be specified with the "-CAfile" option.
Also, these updated packages upgrade OpenSSL to a later upstream version,
which is currently undergoing the FIPS-140-2 (Federal Information
Processing Standards) validation process.
Users of openssl are advised to upgrade to these updated packages, which
resolve these issues.
Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.
This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188
| RHEL Desktop Workstation (v. 5 client) |
|
| SRPMS: |
openssl-0.9.8e-7.el5.src.rpm
File outdated by: RHSA-2009:1335 |
9fb04899f816007baeeaaabe00b2e8ee |
| |
| IA-32: |
openssl-devel-0.9.8e-7.el5.i386.rpm
File outdated by: RHSA-2009:1335 |
5574177170a937cb8785ec5aec45d5ef |
| |
| x86_64: |
openssl-devel-0.9.8e-7.el5.i386.rpm
File outdated by: RHSA-2009:1335 |
5574177170a937cb8785ec5aec45d5ef |
openssl-devel-0.9.8e-7.el5.x86_64.rpm
File outdated by: RHSA-2009:1335 |
6dc61c18cb9eb7dedac57abb65605a5a |
| |
| Red Hat Enterprise Linux (v. 5 server) |
|
| SRPMS: |
openssl-0.9.8e-7.el5.src.rpm
File outdated by: RHSA-2009:1335 |
9fb04899f816007baeeaaabe00b2e8ee |
| |
| IA-32: |
openssl-0.9.8e-7.el5.i386.rpm
File outdated by: RHSA-2009:1335 |
a3a4958e5d0cc59b098ad4e69cb25e4e |
openssl-0.9.8e-7.el5.i686.rpm
File outdated by: RHSA-2009:1335 |
f5a5aea66543b2d16f471cec06a886b9 |
openssl-devel-0.9.8e-7.el5.i386.rpm
File outdated by: RHSA-2009:1335 |
5574177170a937cb8785ec5aec45d5ef |
openssl-perl-0.9.8e-7.el5.i386.rpm
File outdated by: RHSA-2009:1335 |
9ad42d72790a3276700c52d3f64ef854 |
| |
| IA-64: |
openssl-0.9.8e-7.el5.i686.rpm
File outdated by: RHSA-2009:1335 |
f5a5aea66543b2d16f471cec06a886b9 |
openssl-0.9.8e-7.el5.ia64.rpm
File outdated by: RHSA-2009:1335 |
2f7e871b75f3d712327ca84bb720a2eb |
openssl-devel-0.9.8e-7.el5.ia64.rpm
File outdated by: RHSA-2009:1335 |
34248b4a2c369a312cd24d086c822a90 |
openssl-perl-0.9.8e-7.el5.ia64.rpm
File outdated by: RHSA-2009:1335 |
6ae064ade57d070a68339e43391e55b8 |
| |
| PPC: |
openssl-0.9.8e-7.el5.ppc.rpm
File outdated by: RHSA-2009:1335 |
80180b068a56097ebf3221b21f7fb3c6 |
openssl-0.9.8e-7.el5.ppc64.rpm
File outdated by: RHSA-2009:1335 |
6ed7a14ef5baa66282f7ef25d0d93bba |
openssl-devel-0.9.8e-7.el5.ppc.rpm
File outdated by: RHSA-2009:1335 |
12f8609933eb54da10d3d8c31d46933e |
openssl-devel-0.9.8e-7.el5.ppc64.rpm
File outdated by: RHSA-2009:1335 |
2611b86982cc82328280b55df5b8e920 |
openssl-perl-0.9.8e-7.el5.ppc.rpm
File outdated by: RHSA-2009:1335 |
1e3673ac52805cea17b8d3add7bbb5a3 |
| |
| s390x: |
openssl-0.9.8e-7.el5.s390.rpm
File outdated by: RHSA-2009:1335 |
ca80b8b1389c938721ae756a14948aae |
openssl-0.9.8e-7.el5.s390x.rpm
File outdated by: RHSA-2009:1335 |
4d98827b745208d0f199a51df24328f7 |
openssl-devel-0.9.8e-7.el5.s390.rpm
File outdated by: RHSA-2009:1335 |
f5f967d48511e8ae704595bafed398e8 |
openssl-devel-0.9.8e-7.el5.s390x.rpm
File outdated by: RHSA-2009:1335 |
9e48261d1d576d76077e707c355d6258 |
openssl-perl-0.9.8e-7.el5.s390x.rpm
File outdated by: RHSA-2009:1335 |
adaeade7e649c797333e75414d436dbb |
| |
| x86_64: |
openssl-0.9.8e-7.el5.i686.rpm
File outdated by: RHSA-2009:1335 |
f5a5aea66543b2d16f471cec06a886b9 |
openssl-0.9.8e-7.el5.x86_64.rpm
File outdated by: RHSA-2009:1335 |
a2d5b76b0efda8a777a9e5947688e8e6 |
openssl-devel-0.9.8e-7.el5.i386.rpm
File outdated by: RHSA-2009:1335 |
5574177170a937cb8785ec5aec45d5ef |
openssl-devel-0.9.8e-7.el5.x86_64.rpm
File outdated by: RHSA-2009:1335 |
6dc61c18cb9eb7dedac57abb65605a5a |
openssl-perl-0.9.8e-7.el5.x86_64.rpm
File outdated by: RHSA-2009:1335 |
173d61ddac6bd027460556be09b327e3 |
| |
| Red Hat Enterprise Linux Desktop (v. 5 client) |
|
| SRPMS: |
openssl-0.9.8e-7.el5.src.rpm
File outdated by: RHSA-2009:1335 |
9fb04899f816007baeeaaabe00b2e8ee |
| |
| IA-32: |
openssl-0.9.8e-7.el5.i386.rpm
File outdated by: RHSA-2009:1335 |
a3a4958e5d0cc59b098ad4e69cb25e4e |
openssl-0.9.8e-7.el5.i686.rpm
File outdated by: RHSA-2009:1335 |
f5a5aea66543b2d16f471cec06a886b9 |
openssl-perl-0.9.8e-7.el5.i386.rpm
File outdated by: RHSA-2009:1335 |
9ad42d72790a3276700c52d3f64ef854 |
| |
| x86_64: |
openssl-0.9.8e-7.el5.i686.rpm
File outdated by: RHSA-2009:1335 |
f5a5aea66543b2d16f471cec06a886b9 |
openssl-0.9.8e-7.el5.x86_64.rpm
File outdated by: RHSA-2009:1335 |
a2d5b76b0efda8a777a9e5947688e8e6 |
openssl-perl-0.9.8e-7.el5.x86_64.rpm
File outdated by: RHSA-2009:1335 |
173d61ddac6bd027460556be09b327e3 |
| |
(The unlinked packages above are only available from the Red Hat Network)
|
450987 - should /etc/pki/tls/certs/ca-bundle.crt not be the default one used?
openssl bug fix update