Updated the openssl version, but the old version still appears as being usedhow to upgrade openssl for apache 2.2.29 - still using old 0.9.8 versionHow to get httrack to work with SSL on mac os x? (libssl.so not found)Fixing nginx 1.4.6 dependency on old openssl version (libssl0.9.8)?Heartbleed: how to reliably and portably check the OpenSSL version?Server still vulnerable to HeartBleed after Openssl updateCan I upgrade OpenSSL version used by apache without recompiling the server but just mod_ssl?OpenSSL Header Version != OpenSSL Library Version affecting HTTP/2 for APNSopenssl version keeps the old oneCentos 5.11 OpenSSL TLS 1.2 for PaypalWhy is there openSSL version difference?TLS1.3 not working on nginx 1.15.2 with OpenSSL 1.1.1-pre9
Compaq Portable vs IBM 5155 Portable PC
Is it true that cut time means "play twice as fast as written"?
My players want to grind XP but we're using milestone advancement
Why does Mjolnir fall down in Age of Ultron but not in Endgame?
Why would Ryanair allow me to book this journey through a third party, but not through their own website?
Is it legal to meet with potential future employers in the UK, whilst visiting from the USA
Did 20% of US soldiers in Vietnam use heroin, 95% of whom quit afterwards?
Is Jon Snow the last of his House?
The art of clickbait captions
Apt - strange requests to d16r8ew072anqo.cloudfront.net:80
I know that there is a preselected candidate for a position to be filled at my department. What should I do?
What is a fully qualified name?
Does pair production happen even when the photon is around a neutron?
Can a British citizen living in France vote in both France and Britain in the European Elections?
Should one buy new hardware after a system compromise?
How to let other coworkers know that I don't share my coworker's political views?
Count rotary dial pulses in a phone number (including letters)
NIntegrate doesn't evaluate
Defining the standard model of PA so that a space alien could understand
In the 3D Zeldas, is it faster to roll or to simply walk?
Why isn't 'chemically-strengthened glass' made with potassium carbonate to begin with?
Can I summon an otherworldly creature with the Gate spell without knowing its true name?
Can I tell a prospective employee that everyone in the team is leaving?
Why did Jon Snow do this immoral act if he is so honorable?
Updated the openssl version, but the old version still appears as being used
how to upgrade openssl for apache 2.2.29 - still using old 0.9.8 versionHow to get httrack to work with SSL on mac os x? (libssl.so not found)Fixing nginx 1.4.6 dependency on old openssl version (libssl0.9.8)?Heartbleed: how to reliably and portably check the OpenSSL version?Server still vulnerable to HeartBleed after Openssl updateCan I upgrade OpenSSL version used by apache without recompiling the server but just mod_ssl?OpenSSL Header Version != OpenSSL Library Version affecting HTTP/2 for APNSopenssl version keeps the old oneCentos 5.11 OpenSSL TLS 1.2 for PaypalWhy is there openSSL version difference?TLS1.3 not working on nginx 1.15.2 with OpenSSL 1.1.1-pre9
.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty height:90px;width:728px;box-sizing:border-box;
I updated to openssl 1.0.2h, but when I hit
lsof | grep -i libssl
I still get 1.0.1e
nginx 19645 nginx mem REG 182,420273 441256 398853 /usr/lib64/libssl.so.1.0.1e
I tried restarting nginx, apache and mysql, but the old version still remains although openssl version returns
OpenSSL 1.0.2h 3 May 2016
I followed the tutorial from here.
Also, before I posted this, I followed the answer from here.
Do you know how I can make it use the latest version?
ssh ssl openssl
edited Apr 13 '17 at 12:14
Community♦
1
asked Jul 13 '16 at 15:49
Punct UlicaPunct Ulica
11
|
show 8 more comments
I updated to openssl 1.0.2h, but when I hit
lsof | grep -i libssl
I still get 1.0.1e
nginx 19645 nginx mem REG 182,420273 441256 398853 /usr/lib64/libssl.so.1.0.1e
I tried restarting nginx, apache and mysql, but the old version still remains although openssl version returns
OpenSSL 1.0.2h 3 May 2016
I followed the tutorial from here.
Also, before I posted this, I followed the answer from here.
Do you know how I can make it use the latest version?
ssh ssl openssl
edited Apr 13 '17 at 12:14
Community♦
1
asked Jul 13 '16 at 15:49
Punct UlicaPunct Ulica
11
1
Did you restartnginx?
– garethTheRed
Jul 13 '16 at 15:52
Yep. Unfortunately, it didn't do the trick. Not only nginx uses the old version of ssl, but also apache, mysql, postfix, root etc.
– Punct Ulica
Jul 13 '16 at 15:52
In additon to @garethTheRed's question, how did you install openssl and nginx? What OS is this?
– EEAA
Jul 13 '16 at 15:52
3
Can you answer @EEAA's question about how you installed it?
– garethTheRed
Jul 13 '16 at 16:09
1
Maybe you should consider reverting to usingrpmfor your package and install 1.0.1e from the repo? That should be patched.
– garethTheRed
Jul 14 '16 at 9:28
|
show 8 more comments
I updated to openssl 1.0.2h, but when I hit
lsof | grep -i libssl
I still get 1.0.1e
nginx 19645 nginx mem REG 182,420273 441256 398853 /usr/lib64/libssl.so.1.0.1e
I tried restarting nginx, apache and mysql, but the old version still remains although openssl version returns
OpenSSL 1.0.2h 3 May 2016
I followed the tutorial from here.
Also, before I posted this, I followed the answer from here.
Do you know how I can make it use the latest version?
ssh ssl openssl
edited Apr 13 '17 at 12:14
Community♦
1
asked Jul 13 '16 at 15:49
Punct UlicaPunct Ulica
11
I updated to openssl 1.0.2h, but when I hit
lsof | grep -i libssl
I still get 1.0.1e
nginx 19645 nginx mem REG 182,420273 441256 398853 /usr/lib64/libssl.so.1.0.1e
I tried restarting nginx, apache and mysql, but the old version still remains although openssl version returns
OpenSSL 1.0.2h 3 May 2016
I followed the tutorial from here.
Also, before I posted this, I followed the answer from here.
Do you know how I can make it use the latest version?
ssh ssl openssl
ssh ssl openssl
edited Apr 13 '17 at 12:14
Community♦
1
asked Jul 13 '16 at 15:49
Punct UlicaPunct Ulica
11
edited Apr 13 '17 at 12:14
Community♦
1
asked Jul 13 '16 at 15:49
Punct UlicaPunct Ulica
11
edited Apr 13 '17 at 12:14
Community♦
1
edited Apr 13 '17 at 12:14
Community♦
1
edited Apr 13 '17 at 12:14
Community♦
1
1
asked Jul 13 '16 at 15:49
Punct UlicaPunct Ulica
11
asked Jul 13 '16 at 15:49
Punct UlicaPunct Ulica
11
asked Jul 13 '16 at 15:49
Punct UlicaPunct Ulica
11
11
1
Did you restartnginx?
– garethTheRed
Jul 13 '16 at 15:52
Yep. Unfortunately, it didn't do the trick. Not only nginx uses the old version of ssl, but also apache, mysql, postfix, root etc.
– Punct Ulica
Jul 13 '16 at 15:52
In additon to @garethTheRed's question, how did you install openssl and nginx? What OS is this?
– EEAA
Jul 13 '16 at 15:52
3
Can you answer @EEAA's question about how you installed it?
– garethTheRed
Jul 13 '16 at 16:09
1
Maybe you should consider reverting to usingrpmfor your package and install 1.0.1e from the repo? That should be patched.
– garethTheRed
Jul 14 '16 at 9:28
|
show 8 more comments
1
Did you restartnginx?
– garethTheRed
Jul 13 '16 at 15:52
Yep. Unfortunately, it didn't do the trick. Not only nginx uses the old version of ssl, but also apache, mysql, postfix, root etc.
– Punct Ulica
Jul 13 '16 at 15:52
In additon to @garethTheRed's question, how did you install openssl and nginx? What OS is this?
– EEAA
Jul 13 '16 at 15:52
3
Can you answer @EEAA's question about how you installed it?
– garethTheRed
Jul 13 '16 at 16:09
1
Maybe you should consider reverting to usingrpmfor your package and install 1.0.1e from the repo? That should be patched.
– garethTheRed
Jul 14 '16 at 9:28
1
1
Did you restart
nginx?– garethTheRed
Jul 13 '16 at 15:52
Did you restart
nginx?– garethTheRed
Jul 13 '16 at 15:52
Yep. Unfortunately, it didn't do the trick. Not only nginx uses the old version of ssl, but also apache, mysql, postfix, root etc.
– Punct Ulica
Jul 13 '16 at 15:52
Yep. Unfortunately, it didn't do the trick. Not only nginx uses the old version of ssl, but also apache, mysql, postfix, root etc.
– Punct Ulica
Jul 13 '16 at 15:52
In additon to @garethTheRed's question, how did you install openssl and nginx? What OS is this?
– EEAA
Jul 13 '16 at 15:52
In additon to @garethTheRed's question, how did you install openssl and nginx? What OS is this?
– EEAA
Jul 13 '16 at 15:52
3
3
Can you answer @EEAA's question about how you installed it?
– garethTheRed
Jul 13 '16 at 16:09
Can you answer @EEAA's question about how you installed it?
– garethTheRed
Jul 13 '16 at 16:09
1
1
Maybe you should consider reverting to using
rpm for your package and install 1.0.1e from the repo? That should be patched.– garethTheRed
Jul 14 '16 at 9:28
Maybe you should consider reverting to using
rpm for your package and install 1.0.1e from the repo? That should be patched.– garethTheRed
Jul 14 '16 at 9:28
|
show 8 more comments
2 Answers
2
active
oldest
votes
You may run ldd /path/to/nginx to see how it's linked.
answered Jul 15 '16 at 7:45
gbajsongbajson
1467
add a comment |
You are solving this problem the wrong way. You need to understand Red Hat's patching policy (CentOS following upstream as it does, this is therefore CentOS's patching policy as well).
As long as C6 is supported (ie, until 2020-11-30), and as long as you keep your C6 box fully up-to-patch, you will be running non-vulnerable versions of OpenSSL even though the OpenSSL version number does not change.
Once you start building your own version of OpenSSL, you will find you have to rebuild (or at least relink) lots of major tools, to get them to pick up your handbuilt version, and you will have to do this each time a new version of OpenSSL comes out. It is a slough of despond, it is completely pointless, and it is unprofessional to boot.
answered Jul 15 '16 at 7:58
MadHatterMadHatter
70.8k11147207
add a comment |
Your Answer
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "2"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f789617%2fupdated-the-openssl-version-but-the-old-version-still-appears-as-being-used%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
2 Answers
2
active
oldest
votes
2 Answers
2
active
oldest
votes
active
oldest
votes
active
oldest
votes
You may run ldd /path/to/nginx to see how it's linked.
answered Jul 15 '16 at 7:45
gbajsongbajson
1467
add a comment |
You may run ldd /path/to/nginx to see how it's linked.
answered Jul 15 '16 at 7:45
gbajsongbajson
1467
add a comment |
You may run ldd /path/to/nginx to see how it's linked.
answered Jul 15 '16 at 7:45
gbajsongbajson
1467
You may run ldd /path/to/nginx to see how it's linked.
answered Jul 15 '16 at 7:45
gbajsongbajson
1467
answered Jul 15 '16 at 7:45
gbajsongbajson
1467
answered Jul 15 '16 at 7:45
gbajsongbajson
1467
answered Jul 15 '16 at 7:45
gbajsongbajson
1467
1467
add a comment |
add a comment |
You are solving this problem the wrong way. You need to understand Red Hat's patching policy (CentOS following upstream as it does, this is therefore CentOS's patching policy as well).
As long as C6 is supported (ie, until 2020-11-30), and as long as you keep your C6 box fully up-to-patch, you will be running non-vulnerable versions of OpenSSL even though the OpenSSL version number does not change.
Once you start building your own version of OpenSSL, you will find you have to rebuild (or at least relink) lots of major tools, to get them to pick up your handbuilt version, and you will have to do this each time a new version of OpenSSL comes out. It is a slough of despond, it is completely pointless, and it is unprofessional to boot.
answered Jul 15 '16 at 7:58
MadHatterMadHatter
70.8k11147207
add a comment |
You are solving this problem the wrong way. You need to understand Red Hat's patching policy (CentOS following upstream as it does, this is therefore CentOS's patching policy as well).
As long as C6 is supported (ie, until 2020-11-30), and as long as you keep your C6 box fully up-to-patch, you will be running non-vulnerable versions of OpenSSL even though the OpenSSL version number does not change.
Once you start building your own version of OpenSSL, you will find you have to rebuild (or at least relink) lots of major tools, to get them to pick up your handbuilt version, and you will have to do this each time a new version of OpenSSL comes out. It is a slough of despond, it is completely pointless, and it is unprofessional to boot.
answered Jul 15 '16 at 7:58
MadHatterMadHatter
70.8k11147207
add a comment |
You are solving this problem the wrong way. You need to understand Red Hat's patching policy (CentOS following upstream as it does, this is therefore CentOS's patching policy as well).
As long as C6 is supported (ie, until 2020-11-30), and as long as you keep your C6 box fully up-to-patch, you will be running non-vulnerable versions of OpenSSL even though the OpenSSL version number does not change.
Once you start building your own version of OpenSSL, you will find you have to rebuild (or at least relink) lots of major tools, to get them to pick up your handbuilt version, and you will have to do this each time a new version of OpenSSL comes out. It is a slough of despond, it is completely pointless, and it is unprofessional to boot.
answered Jul 15 '16 at 7:58
MadHatterMadHatter
70.8k11147207
You are solving this problem the wrong way. You need to understand Red Hat's patching policy (CentOS following upstream as it does, this is therefore CentOS's patching policy as well).
As long as C6 is supported (ie, until 2020-11-30), and as long as you keep your C6 box fully up-to-patch, you will be running non-vulnerable versions of OpenSSL even though the OpenSSL version number does not change.
Once you start building your own version of OpenSSL, you will find you have to rebuild (or at least relink) lots of major tools, to get them to pick up your handbuilt version, and you will have to do this each time a new version of OpenSSL comes out. It is a slough of despond, it is completely pointless, and it is unprofessional to boot.
answered Jul 15 '16 at 7:58
MadHatterMadHatter
70.8k11147207
answered Jul 15 '16 at 7:58
MadHatterMadHatter
70.8k11147207
answered Jul 15 '16 at 7:58
MadHatterMadHatter
70.8k11147207
answered Jul 15 '16 at 7:58
MadHatterMadHatter
70.8k11147207
70.8k11147207
add a comment |
add a comment |
Thanks for contributing an answer to Server Fault!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f789617%2fupdated-the-openssl-version-but-the-old-version-still-appears-as-being-used%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
1
Did you restart
nginx?– garethTheRed
Jul 13 '16 at 15:52
Yep. Unfortunately, it didn't do the trick. Not only nginx uses the old version of ssl, but also apache, mysql, postfix, root etc.
– Punct Ulica
Jul 13 '16 at 15:52
In additon to @garethTheRed's question, how did you install openssl and nginx? What OS is this?
– EEAA
Jul 13 '16 at 15:52
3
Can you answer @EEAA's question about how you installed it?
– garethTheRed
Jul 13 '16 at 16:09
1
Maybe you should consider reverting to using
rpmfor your package and install 1.0.1e from the repo? That should be patched.– garethTheRed
Jul 14 '16 at 9:28