CCing @bleader too.
@sapcode said in openssl 1.1.1 update or manual build in XCP 8.2.1 possible ?:
Would it be safe to run yum remove openssl as the first step or would this break the XCP installation:
The second option. And actually it's not openssl you're looking for, it's openssl-libs, and removing it will not even work, as it attempts to remove yum and systemd which depend on it and are protected.
Note that we do offer openssl 1.1.1 through the xs-openssl-libs package, and that is what XAPI uses for communication instead of the system one. However you'd have to patch and rebuild curl or wget so that they use it, and this definitely voids your warranty.
You are going on a journey that is far more difficult than you initially expected, I fear. So I'd start questioning the initial needs again.
Why do you need to contact websites such as ssl-tools.net from dom0? Can't you do it from a VM?