Need to update TLS to 1.1 and/or 1.2

We are running an application which was originally intended for CentOS/RedHat 5. By installing compatible libraries, I have gotten it to run on CentOS 6 and now CentOS 7.

The closed-source binary depends on httpd.tcl and that whole set of libraries/files to run. It originally had in the /lib folder a folder called /tcl8.4.

I have made a symlink to library8.6.10. That also lets the binary/application run.

BUT, when I try to upgrade the TLS library in folder /tls, it bombs.

Something seems to have some dependency on

I -really- need to be able to run this program and have an upgraded libtls.

Can anyone point me to a set of steps or ideas on how to upgrade LIBTLS with TCL so that they interoperate properly?

CentOS 7 environment, as noted above.

That’s a tough one. How do you feel about hand editing binary files?

Tcl scripts will be running the tls module, which has a binary component that is linked dynamically (or statically) to an underlying OpenSSL library. Replacing the binary component from the Tcl tls module has to also be coupled with replacing the OpenSSL library to match what the newer tls module is looking for.

You’ll find there’s more to the problem than simply getting the old code to use a newer library. The application needs to know how to use the newer features in a newer Tcl 8.6 or a newer OpenSSL library. If it had a dependence on TLS 1.50, the old Tcl code won’t know how to negotiate a connection using TLS 1.0. It’s probably only able to use SSLv2 or SSLv3. If that part of the logic is also buried in a closed-source binary, there’s going to be very little you can do.

1 Like
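An added example, not part of the thread: a shell check of which OpenSSL the tls module's binary component is bound to, and whether that OpenSSL is new enough (1.0.1 or later) to offer TLS 1.1/1.2. The function names, the sample `ldd` output and the module path are constructed for illustration; a statically linked module shows no libssl line in `ldd` at all.

```shell
#!/bin/sh
# Added example (not from the thread): find out which OpenSSL a Tcl tls
# shared object is bound to. Sample data and paths below are constructed.

# Read `ldd` output on stdin; print "soname path" for each libssl/libcrypto
# dependency, or "soname MISSING" when the loader cannot resolve it.
ssl_deps_from_ldd() {
    awk '$1 ~ /^lib(ssl|crypto)\.so/ && $2 == "=>" {
             if ($3 == "not") print $1, "MISSING"; else print $1, $3
         }'
}

# Succeed when an OpenSSL version string (0.9.8e, 1.0.1e-fips, 1.0.2k, ...)
# is 1.0.1 or later, the first release series with TLS 1.1 and TLS 1.2.
openssl_has_tls12() {
    v=$(printf '%s\n' "$1" | sed 's/[^0-9.].*$//')   # strip letter suffix
    old_ifs=$IFS; IFS=.
    set -- $v
    IFS=$old_ifs
    major=${1:-0}; minor=${2:-0}; patch=${3:-0}
    if [ "$major" -gt 1 ]; then return 0; fi
    if [ "$major" -lt 1 ]; then return 1; fi
    if [ "$minor" -gt 0 ]; then return 0; fi
    [ "$patch" -ge 1 ]
}

# Constructed `ldd` output: a module whose libssl soname is not installed.
sample_ldd() {
    printf '\tlinux-vdso.so.1 =>  (0x00007ffc00000000)\n'
    printf '\tlibssl.so.6 => not found\n'
    printf '\tlibcrypto.so.10 => /lib64/libcrypto.so.10 (0x00007f0000200000)\n'
    printf '\tlibc.so.6 => /lib64/libc.so.6 (0x00007f0000600000)\n'
}

# Inspect a real module, e.g. check_tls_module /path/to/tls/libtls.so
check_tls_module() {
    ldd "$1" | ssl_deps_from_ldd | while read -r name path; do
        if [ "$path" = MISSING ]; then echo "$name: not found by the loader"; continue; fi
        ver=$(strings "$path" | sed -n 's/.*OpenSSL \([0-9][0-9a-z.]*\).*/\1/p' | head -n 1)
        if openssl_has_tls12 "$ver"; then echo "$name ($path): OpenSSL $ver, TLS 1.2 capable"
        else echo "$name ($path): OpenSSL ${ver:-unknown}, no TLS 1.1/1.2"; fi
    done
}

if [ $# -gt 0 ]; then check_tls_module "$1"; fi
```

Run it against both the old and the replacement tls shared object; a `MISSING` line means the module was built against an OpenSSL soname the system no longer provides.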