Skip to main content

EasyApache Using Different OpenSSL From Server Shell

Avalon
Going through some of the settings I realized that EasyApache, which I recently used to update to Apache 2.4 is using a different version of OpenSSL from what the command line is report. According to Apache and PHP, the OpenSSL version is: OpenSSL 1.0.1e-fips 11 Feb 2013 Whereas the updated server version is: OpenSSL 1.0.2a-fips 19 Mar 2015 I couldn't find any documentation on this but how can I get EasyApache to utilize the server version? Or, if it's possible (as an Apache rebuild takes quite a bit of time), swap out the older version for the server version? I went through the effort of having OpenSSL updated so that we could specify the DHParameters key but since Apache is using the older OpenSSL it kicks back by saying the parameter is invalid and falls back on the configuration. The server runs CloudLinux and I have already ensured that the cages where synced.

Comments

4 comments

Date Votes
  • cPanelMichael
    Hello, You may find the following thread helpful:
    0
  • Avalon
    Hello, You may find the following thread helpful:
    0
  • cPanelMichael
    I took a look at the workaround but EasyApache still elects to use OpenSSL 1.0.1e as opposed to the system version.

    You may want to post to that thread to see if the original author can assist you with the custom workaround. Thank you.
    0
  • Avalon
    You may want to post to that thread to see if the original author can assist you with the custom workaround. Thank you.

    I had actually spoken to cPanel support. They said that it's just simply no longer possible to overrule EasyApache when it comes to the matter of OpenSSL and CurlSSL unfortunately. Silly when you think about it but nevertheless it's the same answer I got from three different sources after reaching out. It accepts pretty much every other override still however. Interestingly, there's a post from April but they were facing issues with WHM afterwards. Perhaps distribution specific? It really doesn't matter anymore as we can execute what we needed the new libraries for from the shell or by sending it to another machine in the cluster. The best we were able to get it to do was override the headers:
    OpenSSL support enabled OpenSSL Library Version OpenSSL 1.0.1e-fips 11 Feb 2013 OpenSSL Header Version OpenSSL 1.0.2a-fips 19 Mar 2015
    0

Please sign in to leave a comment.

Didn't find what you were looking for?

New post