Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

EasyApache Using Different OpenSSL From Server Shell

Discussion in 'EasyApache' started by Avalon, May 22, 2015.

  1. Avalon

    Avalon Member

    Joined:
    Apr 27, 2015
    Messages:
    19
    Likes Received:
    1
    Trophy Points:
    3
    Location:
    United States
    cPanel Access Level:
    DataCenter Provider
    Twitter:
    Going through some of the settings I realized that EasyApache, which I recently used to update to Apache 2.4 is using a different version of OpenSSL from what the command line is report.

    According to Apache and PHP, the OpenSSL version is: OpenSSL 1.0.1e-fips 11 Feb 2013

    Whereas the updated server version is: OpenSSL 1.0.2a-fips 19 Mar 2015

    I couldn't find any documentation on this but how can I get EasyApache to utilize the server version? Or, if it's possible (as an Apache rebuild takes quite a bit of time), swap out the older version for the server version?

    I went through the effort of having OpenSSL updated so that we could specify the DHParameters key but since Apache is using the older OpenSSL it kicks back by saying the parameter is invalid and falls back on the configuration.

    The server runs CloudLinux and I have already ensured that the cages where synced.
     
    #1 Avalon, May 22, 2015
  2. cPanelMichael

    cPanelMichael Technical Support Community Manager Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    46,390
    Likes Received:
    2,046
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #2 cPanelMichael, May 22, 2015
  3. Avalon

    Avalon Member

    Joined:
    Apr 27, 2015
    Messages:
    19
    Likes Received:
    1
    Trophy Points:
    3
    Location:
    United States
    cPanel Access Level:
    DataCenter Provider
    Twitter:
    I took a look at the workaround but EasyApache still elects to use OpenSSL 1.0.1e as opposed to the system version.

    I even tried just soft linking to /opt/ssl since according to that thread EasyApache 3 would use what was installed in /opt/ssl but that turned out to not be the case either.

    After apply the proper cagefsctl updates the cages still report 1.0.1e-fips and not 1.0.2a-fips.
     
    #3 Avalon, May 22, 2015
    Last edited: May 22, 2015
  4. cPanelMichael

    cPanelMichael Technical Support Community Manager Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    46,390
    Likes Received:
    2,046
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    You may want to post to that thread to see if the original author can assist you with the custom workaround.

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #4 cPanelMichael, May 26, 2015
  5. Avalon

    Avalon Member

    Joined:
    Apr 27, 2015
    Messages:
    19
    Likes Received:
    1
    Trophy Points:
    3
    Location:
    United States
    cPanel Access Level:
    DataCenter Provider
    Twitter:
    I had actually spoken to cPanel support. They said that it's just simply no longer possible to overrule EasyApache when it comes to the matter of OpenSSL and CurlSSL unfortunately. Silly when you think about it but nevertheless it's the same answer I got from three different sources after reaching out.

    It accepts pretty much every other override still however. Interestingly, there's a post from April but they were facing issues with WHM afterwards. Perhaps distribution specific? It really doesn't matter anymore as we can execute what we needed the new libraries for from the shell or by sending it to another machine in the cluster.

    The best we were able to get it to do was override the headers:

    Code:
    OpenSSL support    enabled
OpenSSL Library Version    OpenSSL 1.0.1e-fips 11 Feb 2013
OpenSSL Header Version    OpenSSL 1.0.2a-fips 19 Mar 2015
     
    #5 Avalon, May 26, 2015
    Last edited: May 26, 2015
(You must log in or sign up to post here.)
Loading...
Similar Threads - EasyApache Using Different
  1. Lisa Thompson

    SOLVED EasyApache4 upgrade causing problem with all WP sites

    Lisa Thompson, Aug 18, 2018, in forum: EasyApache
    Replies:
    3
    Views:
    559
    cPanelMichael
    Aug 23, 2018
  2. Raj Janorkar

    Tomcat with AutoSSL using EasyApache 3 with mod_jk

    Raj Janorkar, Jun 21, 2018, in forum: EasyApache
    Replies:
    5
    Views:
    358
    cPanelMichael
    Jun 25, 2018
  3. Amro Abu-Hmaidan

    Enable Webp support for PHP7.0 using EasyApache 4

    Amro Abu-Hmaidan, Feb 25, 2018, in forum: EasyApache
    Replies:
    1
    Views:
    878
    cPanelMichael
    Feb 26, 2018
  4. PabloC

    SOLVED EasyApache4 using wrong log file?

    PabloC, Dec 1, 2017, in forum: EasyApache
    Replies:
    5
    Views:
    666
    cPanelMichael
    Jan 30, 2018
  5. Nirjonadda

    SOLVED Still using EasyApache 3 for v64

    Nirjonadda, Mar 29, 2017, in forum: EasyApache
    Replies:
    5
    Views:
    872
    cPanelMichael
    Apr 18, 2017

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...
    Dismiss Notice