Securing Applications with TLS in RHEL
This is the index page for a set of articles that describe how to configure applications that use cryptography. The aim is to present the recommended configurations and solutions that account for the currently known state of the security landscape.
Due to the fact that both protocol-level and implementation-levels flaws are exposed on a frequent basis both the recommended configurations and package versions are liable to change. It is a simple fact that anybody who runs a system that expects to maintain a reasonably high level of security should expect to have to update and adapt promptly in the face of new issues. Systems cannot simply be frozen at a given state and hope to remain secure.
Cryptographic Toolkits In Use
| Crypto Toolkit | RHEL8 | RHEL7 | RHEL6 | RHEL5 | RHEL4 |
|---|---|---|---|---|---|
| openssl | v1.1.1 | v1.0.1e / v1.0.2k | v1.0.0 / v1.0.1e | v0.9.8e | v0.9.7a |
| NSS | v3.41.0 | v3.15.4 - v3.36.0 | v3.12.10 - v3.28.4 | v3.11.5 - v3.21.3 | v3.11.99 - v3.12.10 |
| gnutls | v3.6.5 | v3.1.19 - v3.3.29 | v2.8.5 - v2.12.23 | v1.4.1 | v1.0.20 |
Application Setup
| Application | Using Crypto Toolkit | RHEL8 | RHEL7 | RHEL6 | RHEL5 |
|---|---|---|---|---|---|
| Apache with mod_ssl | openssl | 2.4.37 | v2.4.6 | v2.2.15 | v2.2.3 |
| Apache with mod_nss | NSS | N/A | v1.0.14 | v1.0.10 | v1.0.8 |
| sendmail | openssl | v8.15.2 | v8.14.7 | v8.14.4 | v8.13.8 |
| postfix | openssl | - | v2.10.1 | v2.6.6 | v.2.3.3 |
| dovecot | openssl | - | v2.2.36 | v2.0.9 | v1.0.7 |
| cyrus-imapd | openssl | - | v2.4.17 | v2.3.16 | v2.3.7 |
| mysql/mariadb server | openssl | - | v5.5.56-v5.5.60 | v5.1.73 | v5.0.95 |
| mysql/mariadb client | openssl | - | v5.5.56-v.5.5.60 | v5.1.73 | v5.0.95 |
| postgresql server | openssl | - | v9.2.23-v9.2.24 | v8.4.20 | v8.1.23 |
| postgresql clients | openssl | - | v9.2.23-v9.2.24 | v8.4.20 | v8.1.23 |
| openldap server | openssl/NSS | N/A | v2.4.44 | v2.4.40 | v2.3.43 |
| openldap client | openssl/NSS | - | v2.4.44 | v2.4.40 | v2.3.43 |
| libvirtd (libvirt/libvirt-daemon) | gnutls | - | v3.2.0- v3.9.0 | v0.10.2 | NA |
- For Apache/mod_ssl deployment and handling details, also refer to
- for RHEL 8: Deploying Web servers and Reverse Proxies
- for RHEL 9: Deploying Web servers and Reverse Proxies
- for RHEL 10: Deploying Web servers and Reverse Proxies
Testing Your Secured Connection
Some details on how to test the particular configuration of a secured service can be found on the Testing Secured Connections web page.
Additional Resources: Securing Identity Management
See Configuring TLS 1.2 for Identity Management in RHEL 6.9.