Wednesday 9 April 2014

Determine openssl version in apache

With the Heartbleed bug vulnerability around there is a need to determine the version on openssl used on apache systems

The status of the versions of Openssl affected are:

  • OpenSSL 1.0.1 through 1.0.1f (inclusive) are vulnerable
  • OpenSSL 1.0.1g is NOT vulnerable
  • OpenSSL 1.0.0 branch is NOT vulnerable
  • OpenSSL 0.9.8 branch is NOT vulnerable

How to determine the version of openssl that is being run in the apache installation on windows.

Open the command line and navigate to the apache/bin directory and use the following line

openssl version -a

To check openssl vulnerabilities in apache based sites use the online tool at:

http://filippo.io/Heartbleed

No comments:

Post a Comment