This article guides you through the vital process of setting up TLSv1.2 on CentOS, a critical step in fortifying the security of your server communications. As an integral component of secure data transmission, Transport Layer Security (TLS) ensures data confidentiality and integrity. Whether you’re a system administrator or a user keen on enhancing your CentOS server’s security, this concise yet comprehensive guide equips you with the knowledge and steps necessary to implement TLSv1.2 effectively, elevating the safeguarding of your data against potential threats.

TLSv1.2 should be available on CentOS 6.5. You can test if your website supports TLSv1.2 by running the following command from your local machine:

openssl s_client -connect -tls1_2

You should see something like:

SSL-Session:    Protocol  : TLSv1.2    Cipher    : AES256-SHA256

More important than the operating system, however, is the version of OpenSSL you are using. You will just want to make sure you are using OpenSSL 1.0.1 or later. OpenSSL 0.9.8 does not support TLS 1.2. You can confirm this at the OpenSSL changelog. To check which version of OpenSSL you are running, you can run the following commands:

openssl version yum info openssl

To download, compile, and install the latest version of OpenSSL, you can run the following commands:

#Downloads the latest version
cd /usr/src wget tar -zxf openssl-1.0.2-latest.tar.gz 
#Manually compiles OpenSSL and upgrades OpenSSL
cd openssl-1.0.2a ./config make make test
make install 
#If you are still seeing the old version still displayed, make a copy of the Open SSL bin file
mv /usr/bin/openssl /root/ ln -s /usr/local/ssl/bin/openssl /usr/bin/openssl

From there you can run the openssl version command again to verify it has installed/updated properly. Hope this helps point you in the right direction!