# FreeBDS 7 and TLS 1.2



## question (Apr 12, 2020)

I've been told by one of my system administrators that my server won't support the latest SSL/TLS versions because I'm using FreeBSD 7 and it's no longer supported and too old.

Is there anyway to get a good version of TLS working on my FreeBSD 7 server so that I can server TLS/SSL certificates and websites where the PADLOCK or SSL SECURE LOCK will show without errors?

Thanks in advance.


----------



## lostpacket (Apr 13, 2020)

FreeBSD 7 was end of life in 2011, you'd be better of upgrading (or fresh installing) a supported version.


----------



## question (Apr 13, 2020)

I know this and I've been told it many many many times.  I'm not that dumb to not know it myself either.

I plan on migrating to a new server, but first I have to have my customer's SSL working properly if at all possible on FreeBSD 7.

So I want to know if I can get the SSL/TLS working properly in the browser window on FreeBSD 7.


----------



## question (Apr 13, 2020)

AS far as I know I just have to update OpenSSL.  I wonder if I can do that manually just to get by for the day until I can get a new server and move things over?


----------



## question (Apr 13, 2020)

As you can see since I'm still on FreeBSD 7 I'm not into just trying things.  I was wondering if anyone knows if I can upgrade or rebuild a new version of OpenSSL on my FreeBSD 7.


----------



## shkhln (Apr 13, 2020)

question said:


> AS far as I know I just have to update OpenSSL.  I wonder if I can do that manually just to get by for the day until I can get a new server and move things over?



Judging by your posting history, you were already told to upgrade that server, like, five years ago. What's the point of holding to this specific FreeBSD version? This would be (somewhat) understandable if that installation were working ok, but evidently it doesn't.


----------



## ralphbsz (Apr 13, 2020)

You can try. Download the source for today's OpenSSL, and start compiling. The chance of succeeding out of the box is very low. You can either try to find some sort of archive place (the internet archive?) that has a 10-year old copy of the FreeBSD port tree. Or you can start modifying the source and make files until it starts working. It would probably take an experienced engineer a day or two to get it to work. I don't know whether you are an an experienced software engineer.

I would suggest that you also immediately start either upgrading the system (which is theoretically possible, although most likely very tedious), and/or setting up a new system from scratch.


----------



## question (Apr 13, 2020)

shkhln said:


> Judging by your posting history, you were already told to upgrade that server, like, five years ago. What's the point of holding to this specific FreeBSD version? This would be (somewhat) understandable if that installation were working ok, but evidently it doesn't.



I'm not here to discuss irrelevant things like this.  If you have the solution, great.  Please share, I'd appreciate it.  Otherwise keep the creative and off-topic replies to yourself.


----------



## shkhln (Apr 13, 2020)

I'm afraid the only off-topic thing here is your question. It's specifically forbidden in the forum rules even.


----------



## question (Apr 13, 2020)

ralphbsz said:


> You can try. Download the source for today's OpenSSL, and start compiling. The chance of succeeding out of the box is very low. You can either try to find some sort of archive place (the internet archive?) that has a 10-year old copy of the FreeBSD port tree. Or you can start modifying the source and make files until it starts working. It would probably take an experienced engineer a day or two to get it to work. I don't know whether you are an an experienced software engineer.
> 
> I would suggest that you also immediately start either upgrading the system (which is theoretically possible, although most likely very tedious), and/or setting up a new system from scratch.



Do I really need your permission to try?  I came here to ask if anyone had a working solution, not a bunch of nonsense.  I likely won't be back to read any replies to this until I forget that there is nothing useful here that I didn't already know.


----------



## shkhln (Apr 13, 2020)

Am I supposed to believe you aren't just trolling us?


----------



## zirias@ (Apr 13, 2020)

Simple as that, if you're unwilling to take the only sane advice, you're on your own. Running EOL systems was always one of the worst ideas, back in the 90s as well as now, and independent of the brand as well. So please don't tell silly stories. By not upgrading in almost 10 years, you caused the trouble you're in right now -- be thankful it's "only" missing support for any secure version of TLS. Now go fix it. Insulting people here will NOT fix it.


----------



## AngryChris (Apr 17, 2020)

I just got through reading the glorious thread METIN-2 / METIN2 and other illegal software- don't ask for assistance on these forums. Are we sure that's not in play here? The version of FreeBSD in "question" (FreeBSD 7) and the defensiveness of the OP when asked "why?" look like red flags to me.


----------



## shkhln (Apr 18, 2020)

I'm sure we'll get the opportunity to ask OP about Metin after another five years.


----------



## Alain De Vos (Apr 18, 2020)

In times of Corona this thread made me laugh. Serious, if someone wants to use ancient versions why not.
Your just 99.9999999% on your own. Have fun.


----------



## Barney (Jan 6, 2023)

question said:


> Do I really need your permission to try?  I came here to ask if anyone had a working solution, not a bunch of nonsense.  I likely won't be back to read any replies to this until I forget that there is nothing useful here that I didn't already know.


I love these threads. You come here asking for help and you get 20 guys telling you tp spend a month upgrading 90 pieces of software and rebuilding an entire server, as if there weren't good reasons that you're still using an old version of the os. As if these seasoned veterans don't know how much work it would be to upgrade from 7 to 11 or 12, when all you want to do is upgrade one thing.


----------



## shkhln (Jan 6, 2023)

Barney said:


> I love these threads. You come here asking for help and you get 20 guys telling you tp spend a month upgrading 90 pieces of software and rebuilding an entire server, as if there weren't good reasons that you're still using an old version of the os. As if these seasoned veterans don't know how much work it would be to upgrade from 7 to 11 or 12, when all you want to do is upgrade one thing.


Well, if that makes you happy, you can think of the forum rules as a great conspiracy to push people to pay money for the support. There are definitely ways of isolating old software (like VMs), which may be applicable here, but we aren't going to guide you through the whole such setup for free.


----------



## eternal_noob (Jan 6, 2023)

Barney there's a reason he did not get help. Read








						Do not post METIN / METIN2 topics on these forums!
					

Copied the sticky to the General forum for slightly higher visibility.  METIN-2 / METIN2 and other illegal software - don't ask for assistance on these forums. Threads will be closed, posters will be banned.    Factfinding: The server files are indeed leaked, so we're basically talking about an...




					forums.freebsd.org


----------



## Barney (Jan 6, 2023)

shkhln said:


> Well, if that makes you happy, you can think of the forum rules as a great conspiracy to push people to pay money for the support. There are definitely ways of isolating old software (like VMs), which may be applicable here, but we aren't going to guide you through the whole such setup for free.


Perhaps he was hoping to find someone also running an old version that could help him? Nobody is asking you to help anyone if you don't want to. It's supposed to be a community; not a bunch of angry old men scolding people for doing things differently than they're doing it.


----------



## eternal_noob (Saturday at 12:20 AM)

Barney said:


> It's supposed to be a community; not a bunch of angry old men


This suggests you didnt't read or understand the thread i linked.

There are legal reasons!


----------



## Alain De Vos (Saturday at 12:30 AM)

Feel free to elaborate, which exact legal reasons ?


----------



## eternal_noob (Saturday at 12:54 AM)

Supporting stolen software for example.


> We cannot run the risk of having a public forum containing tips and tricks to run obviously illegal software. It's a liability we cannot accept.


----------



## cmoerz (Saturday at 9:00 AM)

question said:


> As you can see since I'm still on FreeBSD 7 I'm not into just trying things.  I was wondering if anyone knows if I can upgrade or rebuild a new version of OpenSSL on my FreeBSD 7.


Why are you even going this route? Have you considered fronting the system with a reverse proxy (on a current OS) that does the job for you? It's hack-ish but it would be a reasonably quick workaround until you manage to upgrade.


----------



## chessguy64 (Saturday at 9:27 AM)

cmoerz said:


> Why are you even going this route? Have you considered fronting the system with a reverse proxy (on a current OS) that does the job for you? It's hack-ish but it would be a reasonably quick workaround until you manage to upgrade.



You know you're replying to a question almost 3 years old, right?


----------

