'openssl', version '1.0.1e', is out of date, and possibly a security risk.

postcd

postcd

Well-Known Member
Oct 22, 2010
721
20
68
Hello,

i have CentOS 6.7 and cpanel on it.

from rkhunter i got this warning:

Warning: Application 'openssl', version '1.0.1e', is out of date, and possibly a security risk.

# openssl version
OpenSSL 1.0.1e-fips 11 Feb 2013

WHM 11.52.0 (build 22)

How should i safely fix it while not reducing functionality & security of the SSL on the server?
 
C

cotswoldphoto

Active Member
Feb 20, 2015
25
3
3
cPanel Access Level
Root Administrator
I would read this:

Rkhunter reports openssl warning

I tend to test my site using the SSL Server Test (Powered by Qualys SSL Labs) test suite, although I DO add my own custom Pre Main Include to alter the cipher suites, like this:

Home » Service Configuration » Apache Configuration » Include Editor » Pre Main Include » All versions

In the Global Box delete what is there and paste this:

Code: 
SSLProtocol -All +TLSv1 +TLSv1.1 +TLSv1.2
SSLHonorCipherOrder On
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS
It is possible that this needs updating for newer standards (please advise me if it does), but it works for me.
 
You must log in or register to reply here.
Thread starter Similar threads Forum Replies Date
B NTP 482 NTP Version 2, private message Security 1
N SOLVED ModSecurity cPanel False Info on version 92.0.4? Security 3
V Apache TLS 1.0 support Cpanel 90 version Security 2
F Shared Hosting, PHP Version Changed, Accidental or Malicious? Security 1
P update database between gnupg versions Security 1
Similar threads
NTP 482 NTP Version 2, private message
SOLVED ModSecurity cPanel False Info on version 92.0.4?
Apache TLS 1.0 support Cpanel 90 version
Shared Hosting, PHP Version Changed, Accidental or Malicious?
update database between gnupg versions
Top Bottom