httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Pete Houston <...@openstrike.co.uk>
Subject Re: [users@httpd] OpenSSL version used by Httpd
Date Wed, 21 Jan 2015 10:25:19 GMT
On Wed, Jan 21, 2015 at 03:44:43PM +0530, srihari na wrote:
> However from external/client side how can I verify which is the exact
> version of openssl libraries being used during communication. Please help.

In your httpd.conf specify

	ServerTokens Full

Then from the client side you can inspect the headers for the OpenSSL
version. eg: http://httpd.apache.org/ currently reports:

	Server: Apache/2.4.11 (Unix) OpenSSL/1.0.1l

See http://httpd.apache.org/docs/2.2/mod/core.html#servertokens
You might consider this as information leakage so may not wish to leave
it permanently enabled.

Pete
-- 
Openstrike - improving business through open source
http://www.openstrike.co.uk/ or call 01722 770036 / 07092 020107

Mime
View raw message