httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From John Iliffe <>
Subject Re: [users@httpd] Forcing openssl version 1.0.1m
Date Thu, 07 May 2015 00:26:56 GMT
Look at the first entry in the error log when you restart Apache.  It should 
show the version of OpenSSL and whether it started properly.

On Wednesday 06 May 2015 12:17:48 Daryl Rose wrote:
> Do to security vulnerabilities with OpenSSL, I've had to recompile
> Apache 2.4.12 with OpenSSL version 1.0.1.m. The team that controls the
> web servers doesn't want me to install into the same installation
> directory, but rather into a separate directory.  They then copy config
> files and whatever they need into the new installation and then start
> Apache from there. I compiled from source on a separate server, then
> created a tarball which I dropped onto the actual web servers. The
> first time that I did this, I did a "curl --head http://localhost" to
> verify the OpenSSL version.  I got back that the OpenSSL version was
> still 1.0.1j.  So, I recompiled, verified on the server that I used to
> compile on and verified that OpenSSL 1.0.1m was what was compiled into
> Apache.  I then tarballed everything up, copied it over to the web
> servers, dropped into place and turned over to the internet team.  I
> was just informed that OpenSSL is still pointed to 1.0.1j. The only
> thing that I can think of is that the internet team must have something
> in a config file somewhere that is actually calling OpenSSL  1.0.1j. 
> Can that be possible?  Other than doing a "curl --head
> http://localhost", how can I tell what version of OpenSSL is being
> used? Thanks
> Daryl

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message