Hedloff

Well-Known Member
cPanel Access Level
DataCenter Provider
Hello,

Why hasn't the OpenSSL version been updated for years?
On EA3 server:
[email protected] [~]# openssl version
OpenSSL 1.0.1e-fips 11 Feb 2013

[email protected] [~]# rpm -qa | grep openssl
alt-openssl-libs-1.0.2k-2.el6.cloudlinux.10.x86_64
openssl-1.0.1e-57.el6.x86_64
openssl-devel-1.0.1e-57.el6.x86_64

On EA4 server:

[email protected]:/# openssl version
OpenSSL 1.0.1e-fips 11 Feb 2013

[email protected]:/# rpm -qa | grep openssl
ea-openssl-1.0.2k-5.el7.cloudlinux.1.x86_64
openssl-devel-1.0.1e-60.el7_3.1.x86_64
alt-openssl-libs-1.0.2k-2.el7.cloudlinux.10.x86_64
openssl-1.0.1e-60.el7_3.1.x86_64
openssl-libs-1.0.1e-60.el7_3.1.x86_64

How can customers use version 1.0.2k?

Changelog:
/news/changelog.html
 

cPanelMichael

Administrator
Staff member
Hello,

OpenSSL is provided by the operating system (e.g. CentOS, Red Hat) and is not a package that's developed or published by cPanel. You may find the following command helpful to see which patches have been backported to the version of openssl installed on your system:

Code:
rpm -q --changelog openssl | grep CVE

It lists the patches included with the RPM, as the version number will not always change after an update. Also, since you are using CloudLinux, they provide updates to the OpenSSL package. Here's their latest blog post regarding openssl:

OpenSSL updated for CloudLinux 6 and CloudLinux 7

Thank you.
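
The changelog check from the reply above, taken one step further as an added example (not part of the original thread and not cPanel or CloudLinux code): it reports which package release first carried the fix for a given CVE, while the upstream version string stays at 1.0.1e. The function names, the sample changelog and the CVE-0000-* placeholder IDs are constructed for illustration, and it assumes each changelog header line ends with the version-release field.

```shell
#!/bin/sh
# Constructed sample in the layout of `rpm -q --changelog openssl` (newest entry first).
# Release numbers other than -57 and all CVE IDs are placeholders, not real data.
sample_changelog() {
cat <<'EOF'
* Wed Mar 01 2017 Example Packager <pkg@example.com> 1.0.1e-57
- fix CVE-0000-0003 - constructed placeholder entry
* Mon May 02 2016 Example Packager <pkg@example.com> 1.0.1e-48
- fix CVE-0000-0002 - constructed placeholder entry
* Tue Jan 06 2015 Example Packager <pkg@example.com> 1.0.1e-30
- fix CVE-0000-0001 - constructed placeholder entry
- fix CVE-0000-00021 - constructed placeholder entry
EOF
}

# Print every distinct CVE ID mentioned in a changelog read from stdin.
list_cves() {
    grep -oE 'CVE-[0-9]{4}-[0-9]+' | sort -u
}

# Print the version-release of the oldest changelog entry that mentions
# the CVE given as $1 (the build that first shipped the backport).
# Exit status 1 means the changelog never mentions it.
cve_fixed_in() {
    awk -v id="$1" '
        /^\* / { rel = $NF }                 # entry header: remember its version-release
        {
            # Compare whole tokens so CVE-0000-0002 does not match CVE-0000-00021.
            n = split($0, w, /[^A-Za-z0-9-]+/)
            for (i = 1; i <= n; i++)
                if (w[i] == id) found = rel  # later lines are older entries
        }
        END { if (found == "") exit 1; print found }
    '
}

# Demo on the constructed sample. On a real host, pipe the package changelog in:
#   rpm -q --changelog openssl | cve_fixed_in <CVE-ID>
sample_changelog | list_cves
sample_changelog | cve_fixed_in CVE-0000-0002
```

A non-zero exit from `cve_fixed_in` only means the changelog does not name that CVE; confirm against the vendor's advisory before treating the package as unpatched.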