Hello-

We have TKL 13.0 Debian 7.2 Wheezy on LAMP. We are starting a payment system using Stripe and they require libcurl and TLS1.2. Stripe will not work without it becasue of vulnerabilities with TLS1.0. I have installed libcurl 7.26.0 and have openssl 1.0.1e but TLS 1.2 still doesn't seem to be present. I tried to apt-get install libssl1.0.0 as someone suggested but it said I laready have the latest version. If I do an SSL test at ssllabs.com/ssltest it shows we only have TLS 1.0 and gives us a grade of "C". Indeed the Apache server in webmin under SSL Options for the site shows TLS v1.

I wonder if anyone can assist me to upgrade openssl so we have TLS 1.2, or if there is any workaround to get TLS 1.2. Apparently its a fairly big deal to have TLS 1.2 because of the vulnerabilities in earlier versions.

 

Many thanks

engineer7000

Forum: 
Jeremy Davis's picture

The current TurnKey version is v14.1 and supports TLS 1.2 OOTB. When we developed v14.0 (late last year) we used ssllabs.com/ssltest to ensure that our servers got an "A" (excluding self signed certificates).

The easiest way to upgrade is to use TKLBAM to migrate your data to a new (v14.1) server. You will need to make some manual tweaks to get everything working as it should, but they should be minimal - mostly it will be related to Apache changes between v2.2 (in v13.x) & v2.4 (in v14.x).

engineer7000's picture

I came to the same conclusion, although wanted to avoid it. We have about 20 sites on this server. I'm in the process of moving now. Thanks for your confirmation.

Jeremy Davis's picture

I know server upgrades can be a pain. But IMO if there's an option that allows you to upgrade properly to a supported OS, then it's much better to upgrade the whole server than to patch things in a hacky way... My 2c anyway.

Debian Wheezy (what v13.x was based on) has less than 2 years security updates left now. Upgrading to v14.x (Debian Jessie) now means that you won't be forced to do further upgrades until 2020 (unless something similar crops up).

engineer7000's picture

up to 2020- that sounds good....

Add new comment