EasyApache Using Different OpenSSL From Server Shell

A

Avalon

Member
Apr 27, 2015
19
1
3
United States
cPanel Access Level
DataCenter Provider
Twitter
Going through some of the settings I realized that EasyApache, which I recently used to update to Apache 2.4 is using a different version of OpenSSL from what the command line is report.

According to Apache and PHP, the OpenSSL version is: OpenSSL 1.0.1e-fips 11 Feb 2013

Whereas the updated server version is: OpenSSL 1.0.2a-fips 19 Mar 2015

I couldn't find any documentation on this but how can I get EasyApache to utilize the server version? Or, if it's possible (as an Apache rebuild takes quite a bit of time), swap out the older version for the server version?

I went through the effort of having OpenSSL updated so that we could specify the DHParameters key but since Apache is using the older OpenSSL it kicks back by saying the parameter is invalid and falls back on the configuration.

The server runs CloudLinux and I have already ensured that the cages where synced.
 
A

Avalon

Member
Apr 27, 2015
19
1
3
United States
cPanel Access Level
DataCenter Provider
Twitter
cPanelMichael said:
Hello,

You may find the following thread helpful:

https://forums.cpanel.net/threads/u...system-files-php5-curlssl-apache2-4-x.371221/

Thank you.
Click to expand...
I took a look at the workaround but EasyApache still elects to use OpenSSL 1.0.1e as opposed to the system version.

I even tried just soft linking to /opt/ssl since according to that thread EasyApache 3 would use what was installed in /opt/ssl but that turned out to not be the case either.

After apply the proper cagefsctl updates the cages still report 1.0.1e-fips and not 1.0.2a-fips.
 
Last edited:
cPanelMichael

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,884
2,250
463
Avalon said:
I took a look at the workaround but EasyApache still elects to use OpenSSL 1.0.1e as opposed to the system version.
Click to expand...
You may want to post to that thread to see if the original author can assist you with the custom workaround.

Thank you.
 
A

Avalon

Member
Apr 27, 2015
19
1
3
United States
cPanel Access Level
DataCenter Provider
Twitter
cPanelMichael said:
You may want to post to that thread to see if the original author can assist you with the custom workaround.

Thank you.
Click to expand...
I had actually spoken to cPanel support. They said that it's just simply no longer possible to overrule EasyApache when it comes to the matter of OpenSSL and CurlSSL unfortunately. Silly when you think about it but nevertheless it's the same answer I got from three different sources after reaching out.

It accepts pretty much every other override still however. Interestingly, there's a post from April but they were facing issues with WHM afterwards. Perhaps distribution specific? It really doesn't matter anymore as we can execute what we needed the new libraries for from the shell or by sending it to another machine in the cluster.

The best we were able to get it to do was override the headers:

Code: 
OpenSSL support    enabled
OpenSSL Library Version    OpenSSL 1.0.1e-fips 11 Feb 2013
OpenSSL Header Version    OpenSSL 1.0.2a-fips 19 Mar 2015
 
Last edited:
You must log in or register to reply here.
Thread starter Similar threads Forum Replies Date
D Deploy Java Application using EasyApache 4 Web Servers and Applications 1
R Enable Webp for PHP7.1 using EasyApache 4 Web Servers and Applications 3
L SOLVED EasyApache4 upgrade causing problem with all WP sites Web Servers and Applications 3
R Tomcat with AutoSSL using EasyApache 3 with mod_jk Web Servers and Applications 5
A Enable Webp support for PHP7.0 using EasyApache 4 Web Servers and Applications 5
Similar threads
Deploy Java Application using EasyApache 4
Enable Webp for PHP7.1 using EasyApache 4
SOLVED EasyApache4 upgrade causing problem with all WP sites
Tomcat with AutoSSL using EasyApache 3 with mod_jk
Enable Webp support for PHP7.0 using EasyApache 4
Top Bottom