How to update OpenSSL

apache-2.2

I have CentOS release 6.2 (Final) installed on my server. I have updated openssl from the openssl source file "openssl-1.0.1g.tar.gz". When I check it with the openssl version command it shows me "OpenSSL 1.0.1g 7 Apr 2014", which is correct and the updated one.
But when I check using the "rpm -q openssl" command it gives me
"openssl-1.0.1e-16.el6_5.4.x86_64" as output, which should be 5.7. Also, when I use
rpm -q --changelog openssl it gives me the output below:

* Tue Jan 07 2014 Tomáš Mráz 1.0.1e-16.4
- fix CVE-2013-4353 - Invalid TLS handshake crash

* Mon Jan 06 2014 Tomáš Mráz 1.0.1e-16.3
- fix CVE-2013-6450 - possible MiTM attack on DTLS1

* Fri Dec 20 2013 Tomáš Mráz 1.0.1e-16.2
- fix CVE-2013-6449 - crash when version in SSL structure is incorrect

whereas it should show the output below:

* Mon Apr 07 2014 Tomáš Mráz 1.0.1e-16.7
- fix CVE-2014-0160 - information disclosure in TLS heartbeat extension

i.e. the updated one, Apr 07 2014.

How do I resolve this problem? Please help.


I have successfully updated to 1.0.1g.
openssl version shows "OpenSSL 1.0.1g 7 Apr 2014".
rpm -q openssl shows "openssl-1.0.1e-16.el6_5.7.x86_64"
rpm -q --changelog openssl gives this output:

* Mon Apr 07 2014 Tomáš Mráz 1.0.1e-16.7
- fix CVE-2014-0160 - information disclosure in TLS heartbeat extension
* Tue Jan 07 2014 Tomáš Mráz 1.0.1e-16.4
- fix CVE-2013-4353 - Invalid TLS handshake crash
* Mon Jan 06 2014 Tomáš Mráz 1.0.1e-16.3
- fix CVE-2013-6450 - possible MiTM attack on DTLS1

But when I check my server-status page it shows me the SSL version as "Apache/2.4.9 (Unix) OpenSSL/1.0.1e-fips".
I have stopped and started my Apache server. I have also changed my certificate and key.
Do I need to do anything more? Please help.

Best Answer

The reason for this is that you currently have two openssl packages installed on your system:

  1. The first one was installed by you manually via openssl-1.0.1g.tar.gz.
  2. The second one was installed via your distribution's package manager. The rpm commands you use only work on packages installed via your distribution's package manager or packages that are installed via an rpm, and not manually.
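
An added example, not part of the original answer: a small POSIX shell audit that lists every `openssl` binary on the search path, shows which ones rpm owns, and checks the rpm changelog for a given CVE fix. The function names are illustrative; `rpm -qf` and `rpm -q --changelog` are the only rpm calls used.

```shell
#!/bin/sh
# Added example (not from the original answer). Function names are illustrative.

# Print every executable named "openssl" in the colon-separated directory list
# $1 (default: $PATH), in search order. The first hit is what the shell runs.
list_openssl_bins() (
    set -f; IFS=:
    for dir in ${1:-$PATH}; do
        [ -n "$dir" ] || dir=.
        if [ -f "$dir/openssl" ] && [ -x "$dir/openssl" ]; then
            printf '%s\n' "$dir/openssl"
        fi
    done
)

# Print the rpm package that owns file $1, or "unowned" when rpm has no record
# of it (true for anything put in place by "make install" from a tarball).
rpm_owner() {
    if pkg=$(rpm -qf "$1" 2>/dev/null); then
        printf '%s\n' "$pkg"
    else
        echo unowned
    fi
}

# Succeed if the changelog of installed package $1 mentions $2 (e.g. a CVE id),
# which is how a backported fix shows up when the upstream version is unchanged.
rpm_has_fix() {
    rpm -q --changelog "$1" 2>/dev/null | grep -qF -- "$2"
}

# One tab-separated line per binary: path, reported version, owning package.
audit_openssl() {
    list_openssl_bins "${1:-$PATH}" | while IFS= read -r bin; do
        printf '%s\t%s\t%s\n' "$bin" "$("$bin" version 2>/dev/null)" "$(rpm_owner "$bin")"
    done
}

# Run the audit only when asked, e.g.:  sh openssl_audit.sh audit
if [ "${1:-}" = "audit" ]; then
    audit_openssl
    rpm_has_fix openssl CVE-2014-0160 && echo "rpm openssl: CVE-2014-0160 fix listed"
fi
```

A line whose third column is `unowned` is a copy that rpm queries will never report on, which is why `openssl version` and `rpm -q openssl` can disagree on the same host.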