Blog

How Can I Set up TLSv1.2 on CentOS?

 

TLSv1.2 should be available on CentOS 6.5. You can test if your website supports TLSv1.2 by running the following command from your local machine:

openssl s_client -connect your.domain.name:443 -tls1_2 

You should see something like:

SSL-Session:    Protocol  : TLSv1.2    Cipher    : AES256-SHA256

More important than the operating system, however, is the version of OpenSSL you are using. You will just want to make sure you are using OpenSSL 1.0.1 or later. OpenSSL 0.9.8 does not support TLS 1.2. You can confirm this at the OpenSSL changelog. To check which version of OpenSSL you are running, you can run the following commands:

openssl version yum info openssl

To download, compile, and install the latest version of OpenSSL, you can run the following commands:

#Downloads the latest version
cd /usr/src wget https://www.openssl.org/source/openssl-1.0.2-latest.tar.gz tar -zxf openssl-1.0.2-latest.tar.gz 
#Manually compiles OpenSSL and upgrades OpenSSL
cd openssl-1.0.2a ./config make make test
make install 
#If you are still seeing the old version still displayed, make a copy of the Open SSL bin file
mv /usr/bin/openssl /root/ ln -s /usr/local/ssl/bin/openssl /usr/bin/openssl

From there you can run the openssl version command again to verify it has installed/updated properly. Hope this helps point you in the right direction!

Was this post helpful?