Author Topic: Rebuild Apache with OpenSSL 1.0.2k  (Read 10874 times)

Rebuild Apache with OpenSSL 1.0.2k
« on: April 27, 2017, 10:59:58 AM »
I would like to upgrade the version of OpenSSL used by Apache from the default OpenSSL 1.0.1e to a newer, more secure version. I have manually compiled OpenSSL 1.0.2k and it is successfully installed on the server:

Code:
# openssl version
OpenSSL 1.0.2k  26 Jan 2017

However when I view the Apache headers I can see that it is still using the old version:

Code:
Server:Apache/2.2.32 (Unix) mod_ssl/2.2.32 OpenSSL/1.0.1e-fips

I rebuilt Apache and edited the default configuration to use the include folder from the new openssl.

original:

Code:
--enable-ssl=/usr/include/openssl

new:

Code:
--enable-ssl=/usr/src/openssl-1.0.2k/include/openssl

However Apache still reports 1.0.1e. What can I do to rebuild Apache with the new SSL version? What am I missing? If I symlink /usr/src/openssl-1.0.2k/include/openssl to /usr/include/openssl would that work? Any help anyone could provide with this would be really helpful as I've been looking at this for about a month without success.
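
A way to line up the three places an OpenSSL version or library shows up in the post above (the `openssl` binary on the PATH, the banner Apache sends, and the `libssl` that `mod_ssl.so` resolves), as an added example that is not part of the original thread. The banner and CLI strings are quoted from the post; the `ldd` output and the `/usr/local/ssl` prefix are constructed assumptions, and on a live server the third argument would be the real `ldd` output for the server's `mod_ssl.so`.

```shell
#!/bin/sh
# Added example. Banner and CLI strings are quoted from the post above;
# the ldd output and the /usr/local/ssl prefix are constructed assumptions.

# OpenSSL token from a Server: banner, e.g. "1.0.1e-fips".
banner_openssl() {
    printf '%s\n' "$1" | sed -n 's|.*OpenSSL/\([^ ]*\).*|\1|p'
}

# Version field from `openssl version` output, e.g. "1.0.2k".
cli_openssl() {
    printf '%s\n' "$1" | awk '$1 == "OpenSSL" { print $2; exit }'
}

# Path that libssl resolves to, read from `ldd` output on stdin.
resolved_libssl() {
    awk '$1 ~ /^libssl\.so/ && $2 == "=>" { print $3; exit }'
}

# diagnose BANNER CLI_OUTPUT LDD_OUTPUT EXPECTED_PREFIX
diagnose() {
    b=$(banner_openssl "$1")
    c=$(cli_openssl "$2")
    lib=$(printf '%s\n' "$3" | resolved_libssl)
    case "$lib" in
        "")     where=unresolved ;;
        "$4"/*) where=custom ;;
        *)      where=system ;;
    esac
    # Distro builds may append a suffix such as "-fips" to the version.
    if [ "${b%-fips}" = "$c" ]; then verdict=match; else verdict=mismatch; fi
    echo "$verdict banner=$b cli=$c libssl=${lib:-none} ($where)"
}

SAMPLE_BANNER='Server:Apache/2.2.32 (Unix) mod_ssl/2.2.32 OpenSSL/1.0.1e-fips'
SAMPLE_CLI='OpenSSL 1.0.2k  26 Jan 2017'
# Constructed ldd output for a mod_ssl.so linked against the system library.
SAMPLE_LDD='	linux-vdso.so.1 =>  (0x00007ffc0a1f2000)
	libssl.so.10 => /usr/lib64/libssl.so.10 (0x00007f3b5c2d1000)
	libcrypto.so.10 => /usr/lib64/libcrypto.so.10 (0x00007f3b5bee9000)'

diagnose "$SAMPLE_BANNER" "$SAMPLE_CLI" "$SAMPLE_LDD" /usr/local/ssl
```
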

Re: Rebuild Apache with OpenSSL 1.0.2k
« Reply #1 on: April 27, 2017, 11:03:01 AM »
Why didn't you use the default version? The security patches are updated regularly on the base version, while the version number remains the same.

Re: Rebuild Apache with OpenSSL 1.0.2k
« Reply #2 on: April 27, 2017, 01:46:54 PM »
It's for PCI compliance, the default version comes up as a PCI fail.

Re: Rebuild Apache with OpenSSL 1.0.2k
« Reply #3 on: April 28, 2017, 10:02:22 AM »
Last night I attempted to rebuild Apache after symlinking /usr/src/openssl-1.0.2k/include/openssl to /usr/include/openssl and that just broke Apache completely.

Re: Rebuild Apache with OpenSSL 1.0.2k
« Reply #4 on: April 28, 2017, 10:25:41 AM »
We haven't tested this, as it is a custom request, and at the moment we use the default CentOS/EPEL packages for SSL.
For custom requests you would need to google it or contact our development team for a custom project.