The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

How often is OpenSSL updated in cPanel?

Discussion in 'Security' started by dualmonitor, Oct 9, 2013.

  1. dualmonitor

    dualmonitor Active Member

    Joined:
    Dec 3, 2012
    Messages:
    31
    Likes Received:
    0
    Trophy Points:
    6
    cPanel Access Level:
    Root Administrator
    When I run this at the command line:

    Code:
    openssl version
    I receive:

    Code:
    OpenSSL 1.0.0-fips 29 Mar 2010
    How often is openSSL updated in cPanel?

    I'd really like to be able to take advantage of TLS 1.1 and 1.2 so I can offer perfect forward secrecy to my sites' visitors.
     
  2. ThinIce

    ThinIce Well-Known Member

    Joined:
    Apr 27, 2006
    Messages:
    346
    Likes Received:
    7
    Trophy Points:
    18
    Location:
    Disillusioned in England
    cPanel Access Level:
    Root Administrator
  3. dualmonitor

    dualmonitor Active Member

    Joined:
    Dec 3, 2012
    Messages:
    31
    Likes Received:
    0
    Trophy Points:
    6
    cPanel Access Level:
    Root Administrator
    Hi ThinIce, yes, thanks for the link to the feature request. I voted for that about a month ago! :)
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    676
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    Here is the comment by cPanelJamyn on that feature request that applies to this thread:

    Thank you.
     
  5. dualmonitor

    dualmonitor Active Member

    Joined:
    Dec 3, 2012
    Messages:
    31
    Likes Received:
    0
    Trophy Points:
    6
    cPanel Access Level:
    Root Administrator
    Hi cpanelMichael,

    Thanks for the quick reply.

    Here's the output I see when I run that command:

    I don't see any explicit reference in there to TLS 1.1 or 1.2. Do you believe that those should be available on my system based on the output above?
     
  6. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    676
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    The command provided is to check if a specific vulnerability has been patched. The version of OpenSSL installed on your system depends on the installed OS. You can check that with a command such as:

    Code:
    cat /etc/redhat-release
    Based on the OpenSSL change log, support for TLS 1.1 and 1.2 was added in OpenSSL 1.0.1, which is newer than the version installed on your system.

    Thank you.
     
  7. dualmonitor

    dualmonitor Active Member

    Joined:
    Dec 3, 2012
    Messages:
    31
    Likes Received:
    0
    Trophy Points:
    6
    cPanel Access Level:
    Root Administrator
    I know a fellow forum member wrote these tips on upgrading:

    http://forums.cpanel.net/f185/cpanel-openssl-1-0-1c-higher-332001.html

    His method may be bullet proof but I want to reduce the likelihood I break something.

    Do you have any recommendations on how to upgrade to OpenSSL 1.0.1 so my system will support TLS 1.1 and 1.2, cPanelMichael?
     
  8. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    676
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    I recommend only using the version of OpenSSL provided by your OS vendor unless absolutely necessary. While you are welcome to implement manual modifications for a newer installation of OpenSSL, it's not guaranteed to work without issue, and it's not something we can provide support for in the event it results in configuration issues.

    Thank you.
     
  9. dualmonitor

    dualmonitor Active Member

    Joined:
    Dec 3, 2012
    Messages:
    31
    Likes Received:
    0
    Trophy Points:
    6
    cPanel Access Level:
    Root Administrator
    Can you confirm that these are true:

    • cPanel users do not have the most recent version of OpenSSL
    • cPanel/WHM does not play a direct role in bringing OpenSSL up to date
    • Attempting to manually take action to bring OpenSSL up to date is not recommended
    • cPanel users simply have to wait until its users' OS vendors update OpenSSL
     
  10. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    676
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    This is mostly true. However, "the latest available version" is more accurate than "up to date", as vendors backport patches to the existing versions of OpenSSL. Also, depending on the specific OS installed, some servers that utilize cPanel will have newer versions of OpenSSL than others.

    Thank you.
     
Loading...

Share This Page