Re: SSL to TLS
On Wed, Jun 13, 2018 at 10:30:52AM -0000, Dan Purgert wrote:
> Bringing this back to the list, in case anyone else has any
> suggestions ...
>
> culser wrote:
> > gee Dan
> >
> > thank you for such a fast response
> >
> > ok so i am downloading Debian 9.4.0 AMD DVD now.
> >
> > should i upgrade the existing server or build a new server with the
> > new 9.4
>
> Personally, I'd go with at least a new VM - jumping as many versions as
> you are may prove to have a rather large number of deprecations or other
> changes in your software (e.g. Postfix, etc.), rendering current
> configuration files invalid. Having Etch still around to do stuff until
> you've dealt with all the "new stuff" in Stretch.
>
I would agree that a new installation would be more sensible than
attempting an upgrade. You either skip all the versions in between and
end up in a mess, or you spend the time to upgrade one version at a
time. Either way, it will take you much longer than a new installation.
> >
> > if i upgrade will that change my settings for Apache, Postfix, ProFTP,
> > ect ... ?
>
> The "upgrade" itself probably wouldn't do anything -- but as I said
> above, you're talking about a pretty big jump in terms of revisions; so
> individual programs quite likely have different syntax now.
I am not sure about ProFTP and Postfix, but I am certain that your old
Apache configurations will almost certainly no longer work. There have
been significant changes to the configuration of SSH and if you still
have clients that depend on the weak deprecated ciphers, you will need
to manually enable those.
Dan's offers an excellent recommendation to keep the Etch system around
until you have fully transitioned. Make sure you follow that.
Regards,
-Roberto
--
Roberto C. Sánchez
Reply to: