The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

OpenSSL updates

Discussion in 'Security' started by Hedloff, Aug 1, 2017.

Tags:
  1. Hedloff

    Hedloff Well-Known Member

    Joined:
    Jun 7, 2004
    Messages:
    110
    Likes Received:
    3
    Trophy Points:
    168
    Location:
    Up north!
    cPanel Access Level:
    DataCenter Provider
    Hello,

    Why hasn't OpenSSL version been updated for years?
    On EA3 server:
    root@server [~]# openssl version
    OpenSSL 1.0.1e-fips 11 Feb 2013

    root@server [~]# rpm -qa | grep openssl
    alt-openssl-libs-1.0.2k-2.el6.cloudlinux.10.x86_64
    openssl-1.0.1e-57.el6.x86_64
    openssl-devel-1.0.1e-57.el6.x86_64

    On EA4 server:

    root@server2:/# openssl version
    OpenSSL 1.0.1e-fips 11 Feb 2013

    root@server2:/# rpm -qa | grep openssl
    ea-openssl-1.0.2k-5.el7.cloudlinux.1.x86_64
    openssl-devel-1.0.1e-60.el7_3.1.x86_64
    alt-openssl-libs-1.0.2k-2.el7.cloudlinux.10.x86_64
    openssl-1.0.1e-60.el7_3.1.x86_64
    openssl-libs-1.0.1e-60.el7_3.1.x86_64

    How can customers use version 1.0.2k?

    Changelog:
    /news/changelog.html
     
    #1 Hedloff, Aug 1, 2017
  2. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    15,617
    Likes Received:
    296
    Trophy Points:
    433
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    #2 Infopro, Aug 1, 2017
  3. Hedloff

    Hedloff Well-Known Member

    Joined:
    Jun 7, 2004
    Messages:
    110
    Likes Received:
    3
    Trophy Points:
    168
    Location:
    Up north!
    cPanel Access Level:
    DataCenter Provider
    That thread did not solve anything.
    1.0.1 is not supported anymore so I'm wondering why it is still used on all our cPanel servers?
    OpenSSL - Wikipedia
     
    #3 Hedloff, Aug 4, 2017
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    37,064
    Likes Received:
    1,287
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    OpenSSL is provided by the operating system (e.g. CentOS, Red Hat) and is not a package that's developed or published by cPanel. You may find the following command helpful to see which patches have been backported to the version of openssl installed on your system:

    Code:
    rpm -q --changelog openssl | grep CVE
    It lists the patches included with the RPM, as the version number will not always change after an update. Also, since you are using CloudLinux, they provide updates to the OpenSSL package. Here's their latest blog post regarding openssl:

    OpenSSL updated for CloudLinux 6 and CloudLinux 7

    Thank you.
     
    #4 cPanelMichael, Aug 4, 2017
(You must log in or sign up to post here.)
Loading...
Similar Threads - OpenSSL updates
  1. Hosted Power

    Issue with openssl after EA4 update

    Hosted Power, Aug 9, 2017, in forum: EasyApache
    Replies:
    26
    Views:
    382
    lm137
    Aug 18, 2017 at 12:27 PM
  2. Guillaume Pilotte-Patry

    cPanel Update & OpenSSL

    Guillaume Pilotte-Patry, Aug 3, 2017, in forum: Security
    Replies:
    5
    Views:
    127
    cPanelMichael
    Aug 7, 2017
  3. Nirjonadda

    Custom OpenSSL version

    Nirjonadda, Feb 27, 2017, in forum: General Discussion
    Replies:
    1
    Views:
    357
    Infopro
    Feb 28, 2017
  4. Enlightened IT

    Problem with OpenSSL Version

    Enlightened IT, Feb 23, 2017, in forum: Security
    Replies:
    5
    Views:
    740
    cPanelMichael
    Jun 27, 2017
  5. Gareth-AWD

    Install PEM Key to OpenSSL

    Gareth-AWD, Jan 11, 2017, in forum: General Discussion
    Replies:
    3
    Views:
    359
    cPanelMichael
    Jan 24, 2017

Share This Page