Ubuntu – How to check which OpenSSL version is use by Apache on Ubuntu 12.04

12.04Apache2openssl

I have installed Ubuntu12.04 on my machine and it got heartBleed version of OpenSSL 1.0.1. So I uninstalled OpenSSL 1.0.1 and install new 1.0.1g version by refering this link.

Now I want to confirm that the "Apache 2.2.22" available on Ubuntu 12.04 is using 1.0.1g and not 1.0.1 version of OpenSSL. How will I confirm this?

Best Answer

$ apt-cache policy openssl
openssl: Installed: xxx

"Installed: xxx" shows the currently installed version of openssl. Heartbleed is fixed in the following package versions (or later):

Ubuntu 13.10: libssl1.0.0 1.0.1e-3ubuntu1.2

Ubuntu 12.10: libssl1.0.0 1.0.1c-3ubuntu2.7

Ubuntu 12.04 LTS: libssl1.0.0 1.0.1-4ubuntu5.12

If your installed package version is lower than these, then your system is vulnerable to Heartbleed.

Related Solutions

Ubuntu – How force that all connections to the Apache use TLSv1.1 or TLSv1.2

Setting SSLCipherSuite with just ciphers that are just supported in TLSv1.2 bypass the Apache 2.2 limitation of parse TLSv1.1 string to limited TLS to version over 1.0.

Ubuntu – Upgrade OpenSSL on Ubuntu 12.04

NOTICE: this question and answer pre-date the OpenSSL bug, Heartbleed.

First you need to completely remove the old installation: (this will break most systems! Be careful! Most people will regret this) apt-get purge openssl

You may want to clean house by running:

apt-get autoremove && apt-get autoclean

Then you should download and compile the version you want (full list)

wget https://www.openssl.org/source/openssl-1.0.1g.tar.gz

Best Answer

Related Solutions

Ubuntu – How force that all connections to the Apache use TLSv1.1 or TLSv1.2

Ubuntu – Upgrade OpenSSL on Ubuntu 12.04

Related Question