But people who use ancient RHEL/CentOS don't apply random kernel patches and I d...

chaosphere2112 · on Oct 22, 2014

RHEL6/CentOS 6 are the most recent releases; not exactly what I'd call ancient.

abjorn · on Oct 22, 2014

RHEL 7/CentOS 7 are the most recent releases. 6 was released 3 years ago.

ams6110 · on Oct 22, 2014

MANY production environments are still on RHEL 5.

wolf550e · on Oct 22, 2014

Apache and openssl in rhel5 are too old to use IMO. People should upgrade.

nl · on Oct 23, 2014

Redhat applies critical security fixes for RHEL5 until 2020[1], and that's why people pay the money.

Yeah, it's old, outdated etc, but sometimes if something works it makes sense to stay on it.

[1] https://access.redhat.com/support/policy/updates/errata#Life...

wolf550e · on Oct 23, 2014

The openssl 0.9.8 with Apache/2.2.3 combo only supports TLS 1.0. I couldn't setup TLS to get better than grade "B" on Qualys' SSL Server Test. I sacrificed MSIE on WinXP, used TLS 1.0 only, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA only, got a "B". I want Forward Secrecy only, AEAD only setup. Have to upgrade to RHEL6 for that.

uberneo · on Oct 22, 2014

Yes i totally agree .. nginx has very less memory footprint as well

chrishepner · on Oct 22, 2014

They are the second to most recent releases - RHEL7 was released in June, CentOS 7 in July.