Posted by & filed under List Posts.

The CentOS 5 End of Life is fast approaching.  If you still use CentOS 5 on your server(s) now is the time to update to a more recent, supported version of this popular OS.  This was posted back in October 2016 but with the impending EOL coming up fast it’s well worth reading again.  If proper support and PCI Compliance are important to you, you need to read this.  We can’t stress enough how important this is!

 

On March 31, 2017, CentOS 5 will reach its End Of Life (EOL).  At this time, CentOS 5 will no longer receive any further updates.  At the same time, various software vendors such as cPanel, OpenSSL,and Redhat who produce applications which run on CentOS 5 will cease to provide support and updates for their products that are specific to CentOS 5.  

Additionally, server owners who continue utilizing CentOS5 without updating to a new, more current operating system will fall out of PCI Compliance and will no longer be able to accept credit card payments via their sites/servers on their servers running CentOS 5.  

To learn more about current PCI compliance requirements please have a look at this link:  https://www.venafi.com/blog/post/new-pci-dss-v3.1-ssl-tls-requirementsbut-many-arent-compliant-with-pci-dss/

Here are some of the reasons that CentOS 5 based servers will no longer be PCI Compliant:

  • RHEL/CentOS 5 based servers cannot support SNI which is becoming more important as IPv4 address space dwindles.  SNI was unsupported prior to OpenSSL 0.9.8f but RHEL/CentOS 5 shipped with OpenSSL 0.9.8e, meaning that unless you update, you cannot utilize SNI.
  • RHEL/CentOS 5 base servers also can’t support OCSP stapling.  This decreases the latency of the handshake in establishing secure TLS transactions.  OSCP checks certificates for revocation and was not supported prior to OpenSSL 0.9.8g, but, once again, RHEL/CentOS 5 shipped only with OpenSSL 0.9.8e.
  • OpenSSL 1.0.1+ adds support for the AES-NI instructions in Westmere/Sandy Bridge/Ivy Bridge or later CPUs.  This support increases performance of SSL/TLS connections and prevents timing attacks against AES.

We everyone who is running servers with CentOS 5 to update to CentOS 6 or CentOS 7 as soon as possible.  We are making every effort to keep our customers notified of this important update requirement.  Our technical & sales teams stand ready to help you update to a more current, modern OS on your server.  Please take the time to let us help you get up to date and maintain PCI Compliance and more effective security for your content & customers.

More information regarding the CentOS5 EOL can be found at the following places:

https://wiki.centos.org/About/Product

https://blog.cpanel.com/end-of-life-for-centos5/

https://wiki.centos.org/FAQ/General

The TSS Sales and Support team is ready to help you upgrade your OS.