[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] Bug-Travel
- Subject: Re: [cobalt-security] Bug-Travel
- From: Michael Stauber <cobalt@xxxxxxxxxxxxxx>
- Date: Tue, 21 Jan 2003 13:48:11 +0100
- Organization: SOLARSPEED.NET
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Hi Bruce,
> Also, when I restart Apache after installing the OpenSSL RPMS, it
> still shows "...OpenSSL/0.9.6b..." in the signature string. I don't
> know if this is dynamic or compiled in someplace...
The reference "OpenSSL/0.9.6b" in the Apache banner is because Mod_SSL
(/usr/lib/apache/libssl.so) is compiled against OpenSSL/0.9.6b.
To verify this you can run the following command from the command line:
strings /usr/lib/apache/libssl.so|grep OpenSSL
To upgrade the SSL version which Apache uses you'd need to recompile Mod_SSL
against a newer OpenSSL. This can be done without recompiling Apache due to
its modular architecture, however, you need to have the Apache-1.3.20 sources
handy (from the old SRPM on the Cobalt FTP site, for instance).
I did that once with my free Mod_SSL upgrade PKG when Slapper & Scalper
surfaced and before Sun Cobalt had the Apache patch ready.
--
With best regards,
Michael Stauber