How to Check Which OpenSSL Version is Used by Apache on Ubuntu 12.04

12.04Apache2openssl

I have installed Ubuntu12.04 on my machine and it got heartBleed version of OpenSSL 1.0.1. So I uninstalled OpenSSL 1.0.1 and install new 1.0.1g version by refering this link.

Now I want to confirm that the "Apache 2.2.22" available on Ubuntu 12.04 is using 1.0.1g and not 1.0.1 version of OpenSSL. How will I confirm this?

Best Answer

$ apt-cache policy openssl
openssl: Installed: xxx

"Installed: xxx" shows the currently installed version of openssl. Heartbleed is fixed in the following package versions (or later):

Ubuntu 13.10: libssl1.0.0 1.0.1e-3ubuntu1.2

Ubuntu 12.10: libssl1.0.0 1.0.1c-3ubuntu2.7

Ubuntu 12.04 LTS: libssl1.0.0 1.0.1-4ubuntu5.12

If your installed package version is lower than these, then your system is vulnerable to Heartbleed.