'openssl', version '1.0.1e', is out of date, and possibly a security risk.

postcd

Hello,

I have CentOS 6.7 and cPanel on it.

From rkhunter I got this warning:

Warning: Application 'openssl', version '1.0.1e', is out of date, and possibly a security risk.

# openssl version
OpenSSL 1.0.1e-fips 11 Feb 2013

WHM 11.52.0 (build 22)

How should I safely fix it while not reducing functionality & security of the SSL on the server?
 

cotswoldphoto

I would read this:

Rkhunter reports openssl warning

I tend to test my site using the SSL Server Test (Powered by Qualys SSL Labs) test suite, although I DO add my own custom Pre Main Include to alter the cipher suites, like this:

Home » Service Configuration » Apache Configuration » Include Editor » Pre Main Include » All versions

In the Global Box delete what is there and paste this:

Code:
SSLProtocol -All +TLSv1 +TLSv1.1 +TLSv1.2
SSLHonorCipherOrder On
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS
It is possible that this needs updating for newer standards (please advise me if it does), but it works for me.
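
Added example (not part of the posts above, and not cPanel or Apache code): a small audit of the Pre Main Include quoted in the reply, listing which of its entries newer standards have since retired. The function names are this example's own, and the `SSLProtocol` handling is a simplified model of left-to-right `+`/`-` evaluation.

```python
# Sample input: the include text from the reply above, embedded verbatim.
INCLUDE = """\
SSLProtocol -All +TLSv1 +TLSv1.1 +TLSv1.2
SSLHonorCipherOrder On
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS
"""
KNOWN = ["SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"]
LEGACY = {"SSLv3": "prohibited by RFC 7568",
          "TLSv1": "deprecated by RFC 8996",
          "TLSv1.1": "deprecated by RFC 8996"}

def parse_directives(text):
    """Map lower-cased directive name -> argument string, skipping comments."""
    out = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) == 2 and not parts[0].startswith("#"):
            out[parts[0].lower()] = parts[1]
    return out

def enabled_protocols(spec):
    """Simplified model: apply +/- tokens left to right; a bare token replaces the set."""
    enabled = set()
    for tok in spec.split():
        sign, name = (tok[0], tok[1:]) if tok[0] in "+-" else ("", tok)
        group = set(KNOWN) if name.lower() == "all" else {name}
        if sign == "-":
            enabled -= group
        elif sign == "+":
            enabled |= group
        else:
            enabled = set(group)
    return enabled

def audit(text):
    """Return (kind, item, reason) findings for the include text."""
    d = parse_directives(text)
    findings = [("protocol", p, LEGACY[p])
                for p in sorted(enabled_protocols(d.get("sslprotocol", "")) & LEGACY.keys())]
    for tok in d.get("sslciphersuite", "").split(":"):
        if not tok or tok[0] in "!-":
            continue  # exclusions only remove suites, nothing to flag
        parts = tok.lstrip("+").split("+")
        if "3DES" in parts:
            findings.append(("cipher", tok, "64-bit block cipher, exposed to Sweet32"))
        if "RSA" in parts:
            findings.append(("cipher", tok, "static RSA key exchange, no forward secrecy"))
    return findings

if __name__ == "__main__":
    for kind, item, reason in audit(INCLUDE):
        print(f"{kind:9}{item:12}{reason}")
```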