[BlueOnyx:14358] BlueOnyx 5106R users: Please consider upgrading

[Michael Stauber]

Hi all,

I'm about to wrap up the SSL security review of BlueOnyx. The final
updates will go into the BlueOnyx-Testing YUM repository and then -
within a day or two - these updates will be pushed to the production YUM
repositories.

That's for 5106R, 5107R and 5108R.

But let me say this: If you're using BlueOnyx 5106R, then please
consider migrating to BlueOnyx 5107R or BlueOnyx 5108R in the near future.

CentOS5 will be around and maintained until March 31, 2017.

However: As things stand I'd *strongly* advise not to wait that long.

The reason for this has to do with OpenSSL. Every sensible server
operator is sharpening up security wise and everyone looks what can be
done to make services more secure and less prone to snooping. However,
the RHEL5 based CentOS5 gets the short stick here. It is burdened with
OpenSSL-0.9.8 and that means neither TSLv1.1 or TLSv1.2 are available.
These are stronger and more secure protocols.

Unless RedHat releases the next version of RHEL5 with a much newer
OpenSSL this situation will not improve. And don't hold your breath for
that. The will most likely keep OpenSSL as it is.

So BlueOnyx 5106R is stuck with TLSv1.0 for all SSL related services.

On the other hand: Since the latest round of updates BlueOnyx
5107R/5108R allows TLSv1.0, 1.1 and 1.2 for services such as HTTPS,
POP3S, IMAPS and FTPS.

Another reason to upgrade is cosmetic: It'll make it much easier to get
the new BlueOnyx GUI installed once it's ready for release.

-- 
With best regards

Michael Stauber