This system is running an outdated version of OpenSSL

Felipe Fernandez

Registered
Apr 21, 2019
1
0
1
Spain
cPanel Access Level
Root Administrator
Cpanel
  • CENTOS 7.4 xen enterprise hvm
  • v76.0.20
  • OpenSSL 1.0.2k-fips 26 Jan 2017
Still see this warning
Blockers are conditions that do not allow cPanel & WHM to upgrade to a particular version. For more information, read our documentation.


Severity
Blocker Message
FATAL This system is running an outdated version of OpenSSL (1.0.1e), which will need to be updated to at least 1.0.2e to continue.

[[email protected] ... ~]# yum -y update
Loaded plugins: fastestmirror, universal-hooks
Loading mirror speeds from cached hostfile
* EA4: 70.87.220.252
* cpanel-addons-production-feed: 70.87.220.252
* epel: fedora-epel.mirror.lstn.net
No packages marked for update


How I fix the FATAL error ?'

Thanks
 
Last edited by a moderator:

mommaroodle

Registered
Nov 27, 2018
1
0
1
South Africa
cPanel Access Level
Root Administrator
I really cant understand why support for TLSv1.3 is not implemented already!

The cPanel documentation states that cPanel uses the OpenSSL version that comes with the operating system. So if one had to manually upgrade and install OpenSSL v1.1.1b, it should only be a matter of setting the SSL protocol and cipher suites and maybe any other adjustment and it should work.

I have Centos 7.6 and have installed OpenSSLv1.1.1b - now the only thing that I seem to be battling with the entries - the correct ssl protocols in order for support for v1.2 and 1.3 and then the cipher suites and as I said any other directives which is necessary.

So there must be a way now to be able to get this to work. There is 7 months left before there is no more support for the current default version.

According to OpenSSL.org they state the following:

Our previous LTS version (1.0.2 series) will continue to be supported until 31st December 2019 (security fixes only during the last year of support).
This year is the last year of support!!
 
Last edited by a moderator:

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,296
1,252
313
Houston
Hello @mommaroodle

There is an open feature request here: Add Support for TLS 1.3 for this. I would encourage you to voice your concerns there and become a part of that discussion as well as vote on the feature.
Thanks!