'openssl', version '1.0.1e', is out of date, and possibly a security risk.
Hello,
I have CentOS 6.7 and cPanel on it.
From rkhunter I got this warning:
Warning: Application 'openssl', version '1.0.1e', is out of date, and possibly a security risk.
# openssl version
OpenSSL 1.0.1e-fips 11 Feb 2013
WHM 11.52.0 (build 22)
How should I safely fix it while not reducing functionality & security of the SSL on the server?
-
I would read this: Rkhunter reports openssl warning

I tend to test my site using the SSL Server Test (Powered by Qualys SSL Labs) test suite, although I DO add my own custom Pre Main Include to alter the cipher suites, like this:

Home » Service Configuration » Apache Configuration » Include Editor » Pre Main Include » All versions

In the Global Box delete what is there and paste this:

SSLProtocol -All +TLSv1 +TLSv1.1 +TLSv1.2
SSLHonorCipherOrder On
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS

It is possible that this needs updating for newer standards (please advise me if it does), but it works for me.
-
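Added example, not part of the original post: a Python sketch that expands the SSLCipherSuite string from the reply above against the OpenSSL build Python is linked to, so you can see which suites it resolves to and confirm that its own exclusions (!aNULL, !MD5, !DSS) hold. The function names are made up for this example, and the result depends on the local OpenSSL version, which may differ from the one Apache uses.

```python
import ssl
from collections import Counter

# Cipher string copied verbatim from the reply above.
CIPHER_STRING = (
    "ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:"
    "ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS"
)

def expand(cipher_string):
    """Suites the local OpenSSL enables for cipher_string, in preference order."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(cipher_string)  # raises ssl.SSLError if no suite matches
    # TLS 1.3 suites are not governed by this string, so leave them out.
    return [c for c in ctx.get_ciphers() if c["protocol"] != "TLSv1.3"]

def fields(suite):
    """Parse the Kx=/Au=/Enc=/Mac= tokens of OpenSSL's description line."""
    tokens = suite["description"].split()
    return dict(tok.split("=", 1) for tok in tokens if "=" in tok)

def excluded_hits(suites):
    """Names of suites that break the string's own !aNULL, !MD5, !DSS rules."""
    hits = []
    for s in suites:
        f = fields(s)
        if f.get("Au") in ("None", "DSS") or f.get("Mac") == "MD5":
            hits.append(s["name"])
    return hits

def summary(suites):
    """Count suites per (key exchange, cipher) pair."""
    return Counter((fields(s).get("Kx"), fields(s).get("Enc")) for s in suites)

if __name__ == "__main__":
    suites = expand(CIPHER_STRING)
    print(ssl.OPENSSL_VERSION)
    for s in suites:  # preference order, as SSLHonorCipherOrder On would apply it
        print(f'{s["protocol"]:8} {s["name"]}')
    for (kx, enc), n in sorted(summary(suites).items(), key=str):
        print(f"Kx={kx} Enc={enc}: {n}")
    print("exclusion violations:", excluded_hits(suites) or "none")
```
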
Hello :)

There's a post about this at: OpenSSL Heartbleed Bug (< 1.0.1g) - Encryption keys at risk

Thank you.