The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

upgrade openssl

Discussion in 'General Discussion' started by merlinpa1969, Aug 5, 2008.

  1. merlinpa1969

    merlinpa1969 Well-Known Member

    Joined:
    Dec 3, 2003
    Messages:
    108
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    PA
    cPanel Access Level:
    Root Administrator
    Hello,
    I have an interesting question,

    PCI Compliance scans require openssl to be at 0.9.8c or higher.
    and ssh need to be at 5.1

    the issue we are running into is that the system only shows 0.9.8b and ssh at 4.9


    we have been informed by the data center that manually updating openssl will break c-panel.

    we have see this on 2 servers at this new datacenter. where after updating openssl and ssh that we are unable to generate CSR's

    What is the proper way to update to be PCI Compliant without breaking c-panel?
     
  2. bls24

    bls24 Well-Known Member

    Joined:
    May 12, 2007
    Messages:
    78
    Likes Received:
    0
    Trophy Points:
    6
    I've been told by mine that if problems occur an OS reinstall would pretty much be mandatory!

    I haven't been brave enough to try it yet. Wonder why it is so hard to upgrade?
     
  3. merlinpa1969

    merlinpa1969 Well-Known Member

    Joined:
    Dec 3, 2003
    Messages:
    108
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    PA
    cPanel Access Level:
    Root Administrator
    I have discovered that using the newest redhat kernel will pass even though the banner says 0.9.8b
     
  4. bls24

    bls24 Well-Known Member

    Joined:
    May 12, 2007
    Messages:
    78
    Likes Received:
    0
    Trophy Points:
    6
    Does that actually upgrade the security patches, too?
     
  5. dalem

    dalem Well-Known Member
    PartnerNOC

    Joined:
    Oct 24, 2003
    Messages:
    2,577
    Likes Received:
    40
    Trophy Points:
    48
    Location:
    SLC
    cPanel Access Level:
    DataCenter Provider
    you ask them to make an exception as a good scanning company will that some Linux distros are back-port fixed to the latest version
     
  6. Biotron2000

    Biotron2000 Active Member

    Joined:
    Jul 20, 2004
    Messages:
    41
    Likes Received:
    0
    Trophy Points:
    6
    Can it be done?

    Has anyone yet found a way to upgrade OpenSSL that won't fry the server? We need to get ours into compliance as well.
    All cPanel Support has to say is:

    Any ideas out there?

    Thanks,
    Patrick
     
  7. merlinpa1969

    merlinpa1969 Well-Known Member

    Joined:
    Dec 3, 2003
    Messages:
    108
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    PA
    cPanel Access Level:
    Root Administrator
    Nope
    and its funny, its not cpanels problem but its the cpanel version of this software that is causing the issues,

    I mean when you are told outright that updating things manually will cause issues there is a problem........

    the issue that we had with upgrading openssl was we could no longer creats CSRs


    however if you are keeping your kernel and your cpanel uptodate then you will be fine....and it should pas PCI Compliance
     
  8. cPanelKenneth

    cPanelKenneth cPanel Development
    Staff Member

    Joined:
    Apr 7, 2006
    Messages:
    4,461
    Likes Received:
    22
    Trophy Points:
    38
    cPanel Access Level:
    Root Administrator
    We don't provide OpenSSL.

    OpenSSL is provided by the Operating System Vendor (e.g. RedHat, CentOS, etc). We only use what they provide.

    As mentioned above, you need to contact your PCI Compliance Auditor and provide information that you are using OpenSSL packages provided by your Operating System vendor, who backports patches (if your OS vendor does do so. RedHat does).
     
  9. merlinpa1969

    merlinpa1969 Well-Known Member

    Joined:
    Dec 3, 2003
    Messages:
    108
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    PA
    cPanel Access Level:
    Root Administrator
    Thats fine however you still have not explained WHY manually upgrading openssl and openssh cause issues with creating a csr...

    Why is it recommended NOT to upgrade the software if your using cpanel
     
  10. SB-Nick

    SB-Nick Well-Known Member

    Joined:
    Aug 26, 2008
    Messages:
    134
    Likes Received:
    0
    Trophy Points:
    16
    cPanel Access Level:
    Root Administrator
    We have been upgrading OpenSSL for PCI compliance on some cPanel boxes without any problem.
    Did you try to upgrade it? If so, what error are you getting?
     
  11. merlinpa1969

    merlinpa1969 Well-Known Member

    Joined:
    Dec 3, 2003
    Messages:
    108
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    PA
    cPanel Access Level:
    Root Administrator
    Yes we did upgrade it,
    redhat5

    causes issues

    you are not able to create CSR's it goes through the motion but dosnt create it
     
  12. SB-Nick

    SB-Nick Well-Known Member

    Joined:
    Aug 26, 2008
    Messages:
    134
    Likes Received:
    0
    Trophy Points:
    16
    cPanel Access Level:
    Root Administrator
    Hello,

    Did you double check you are using the updated openssl binaries?
     
Loading...

Share This Page