Control Web Panel
WebPanel => Apache => Topic started by: batgranny on April 27, 2017, 10:59:58 AM
-
I would like to upgrade the version of OpenSSL used by Apache from the default OpenSSL 1.0.1e to a newer, more secure version. I have manually compiled OpenSSL 1.0.2k and it is successfully installed on the server:
# openssl version
OpenSSL 1.0.2k 26 Jan 2017
However when I view the Apache headers I can see that it is still using the old version:
Server:Apache/2.2.32 (Unix) mod_ssl/2.2.32 OpenSSL/1.0.1e-fips
I rebuilt Apache and edited the default configuration to use the include folder from the new OpenSSL.
original:
--enable-ssl=/usr/include/openssl
new:
--enable-ssl=/usr/src/openssl-1.0.2k/include/openssl
However, Apache still reports 1.0.1e. What can I do to rebuild Apache with the new SSL version? What am I missing? If I symlink /usr/src/openssl-1.0.2k/include/openssl to /usr/include/openssl, would that work? Any help anyone could provide with this would be really helpful, as I've been looking at this for about a month without success.
-
Why aren't you using the default version? The security patches are updated regularly on the base version, while the version number remains the same.
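
The reply above says the distribution package keeps receiving security patches while its version number stays the same. As an added example (not part of the original thread), this shell function reads `rpm -q --changelog openssl` output and reports which changelog entry mentions each CVE id you pass it; the function names, CVE ids and changelog lines are constructed placeholders.

```shell
#!/bin/sh
# cve_backports: read `rpm -q --changelog <pkg>` text on stdin and report,
# for each CVE id given as an argument, the newest changelog entry naming it.
# The exit status is the number of ids that were not found.
cve_backports() {
    awk -v ids="$*" '
        BEGIN { n = split(ids, want, " ") }
        # Entry header: "* Day Mon DD YYYY Packager <mail> version-release"
        /^\* / { entry = $NF " (" $3 " " $4 " " $5 ")"; next }
        {
            for (i = 1; i <= n; i++) {
                # Require a non-digit after the id so that a longer id
                # sharing the same prefix is not counted as a match.
                if (!(want[i] in hit) && $0 ~ (want[i] "([^0-9]|$)"))
                    hit[want[i]] = entry
            }
        }
        END {
            for (i = 1; i <= n; i++) {
                if (want[i] in hit)
                    printf "%s\tfixed in %s\n", want[i], hit[want[i]]
                else {
                    printf "%s\tNOT FOUND\n", want[i]
                    missing++
                }
            }
            exit missing + 0
        }'
}

# Constructed changelog in rpm's format (not real package data or real CVEs).
sample_changelog() {
    cat <<'EOF'
* Mon Jan 02 2017 Example Packager <pkg@example.com> 1.0.1e-60
- fix CVE-0000-11112 - constructed entry with a longer id
* Tue Mar 01 2016 Example Packager <pkg@example.com> 1.0.1e-51
- fix CVE-0000-1111 - constructed entry
- fix CVE-0000-2222 - constructed entry
EOF
}

# Demo on the constructed data. On a real server the input would be:
#   rpm -q --changelog openssl | cve_backports <ids from the scan report>
sample_changelog | cve_backports CVE-0000-1111 CVE-0000-2222
```

Any id reported as NOT FOUND has no changelog entry in the installed package, so it is the one to follow up on.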
-
It's for PCI compliance, the default version comes up as a PCI fail.
-
Last night I attempted to rebuild Apache after symlinking /usr/src/openssl-1.0.2k/include/openssl to /usr/include/openssl and that just broke Apache completely.
-
We haven't tested, as this is a custom request and at the moment we use default CentOS/EPEL packages for SSL.
For custom requests you would need to google it or contact our development team for a custom project.