OpenSSL updates
Hello,
Why hasn't OpenSSL version been updated for years?
On EA3 server:
root@server [~]# openssl version
OpenSSL 1.0.1e-fips 11 Feb 2013
root@server [~]# rpm -qa | grep openssl
alt-openssl-libs-1.0.2k-2.el6.cloudlinux.10.x86_64
openssl-1.0.1e-57.el6.x86_64
openssl-devel-1.0.1e-57.el6.x86_64
On EA4 server:
root@server2:/# openssl version
OpenSSL 1.0.1e-fips 11 Feb 2013
root@server2:/# rpm -qa | grep openssl
ea-openssl-1.0.2k-5.el7.cloudlinux.1.x86_64
openssl-devel-1.0.1e-60.el7_3.1.x86_64
alt-openssl-libs-1.0.2k-2.el7.cloudlinux.10.x86_64
openssl-1.0.1e-60.el7_3.1.x86_64
openssl-libs-1.0.1e-60.el7_3.1.x86_64
How can customers use version 1.0.2k?
Changelog:
/news/changelog.html
-
This thread should be of some use: SOLVED - OpenSSL 1.01e 0 -
That thread did not solve anything. 1.0.1 is not supported anymore so I'm wondering why it is still used on all our cPanel servers? OpenSSL - Wikipedia 0 -
Hello, OpenSSL is provided by the operating system (e.g. CentOS, Red Hat) and is not a package that's developed or published by cPanel. You may find the following command helpful to see which patches have been backported to the version of openssl installed on your system: rpm -q --changelog openssl | grep CVE
It lists the patches included with the RPM, as the version number will not always change after an update. Also, since you are using CloudLinux, they provide updates to the OpenSSL package. Here's their latest blog post regarding openssl: OpenSSL updated for CloudLinux 6 and CloudLinux 7 Thank you.0
Please sign in to leave a comment.
Comments
3 comments