# Installing TLS 1.1 on freebsd



## Gez (Jul 2, 2018)

I have a requirement to move to TLS 1.1 in order to interact with some web servers that support this. I am running FreeBSD10,  but I see that even the OpenSSL which comes with 12 does not support 1.1, this seems odd since it's pretty mature now. Given that it's not in the latest version of FreeBSD,  is there some easy way to upgrade TLS on a FreeBSD server?

How risky is this?  I don't have a old server to test this on, is it high risk to try to install this on a production server? Has anyone done it, or able to offer any advice?

Many thanks in advance.  I have been searching on these forums and googling but am finding very little on this subject and what I find seems to be pretty old and probably out of date,

thanks in advance 

G


----------



## drhowarddrfine (Jul 2, 2018)

Gez said:


> I am runnning freebsd10, but I see that even the open ssl which comes with 12 does not support 1.1


What makes you think that? My company hosts a number of large and small web sites that have used TLS1.1 and 1.2 for centuries on FreeBSD so your information is wrong.


----------



## usdmatt (Jul 2, 2018)

Are you confusing the OpenSSL and TLS versions? I have an FreeBSD 11.1 machine that is running OpenSSL 1.0.2. OpenSSL has supported TLS 1.2 since 1.0.1. I also have a 10.4 machine that has TLS 1.2 support. I haven't bothered checking when TLS 1.1 support was added but it's been in FreeBSD for a long time.


----------



## SirDice (Jul 2, 2018)

usdmatt said:


> OpenSSL has supported TLS 1.2 since 1.0.1.


If I'm not mistaken OpenSSL was updated to 1.0.1 on FreeBSD 10.0 (released in January 2014).



Gez said:


> I have a requirement to move to TLS 1.1


Skip it and move to TLS 1.2. The whole world is deprecating TLS 1.0 and 1.1. By the time you're done with your project the rest of the world would already have moved on.


----------

