I am working to replace all the CentOS 7 servers and upgrade to Oracle 9 where possible. One snag is that the openssl library that ships with 9 (3.0.7) does not support any TLS version below 1.2. Unfortunately there are a few legacy systems that cannot use TLSv1.2 and Development refuses to update so I hope I can link haproxy to an older version of libssl. If not I can will fall back to OL8.
I am trying to do this this with haproxy v2.8.3
I loaded the compatibility package compat-openssl11 (1.1.1k) and tried compiling with the command:
make clean
make -j $(nproc) TARGET=linux-glibc USE_OPENSSL=1 USE_ZLIB=1 USE_PCRE=1 USE_LUA=1 USE_SYSTEMD=1 SSL_LIB=/usr/lib64/libssl.so.1.1
However, ldd still shows it linking to libssl3
ldd haproxy |grep -E "(libssl|crypto)"
libssl.so.3 => /lib64/libssl.so.3 (0x00007f4d95522000)
libcrypto.so.3 => /lib64/libcrypto.so.3 (0x00007f4d950f1000)
Obviously I am doing something wrong but I don’t know what.
Suggestions?
2 posts - 2 participants