Page 1 of 1

OpenSSL Issue

PostPosted: 16. June 2014 12:02
by tepet123
Hello Guys,
Its Me Again!.
Today Im Going To Asking You About The Latest OpenSSL (1.0.1h).
Currently Im Using Old Xampp (1.6.8) with Apache (2.2.9/2.2.x) include OpenSSL (0.9.8i) which were released on 15 Sep 2008. A Bit Older?.
OpenSSL Vuln Refer : http://www.openssl.org/news/vulnerabilities.html

Okay,The Questions is Below :
1. Is That Available to Upgrade the OpenSSL 0.9.8i to 1.0.1h or even (0.9.8za) to fix (june) vulnerabilities ? (If It is Available How To Upgrade ? is there's any guide?)
2. Does OpenSSL 1.0.1(a-h) support for apache (2.2.9/2.2.x) ?

Thank You Mr/Mrs.

Re: OpenSSL Issue

PostPosted: 17. June 2014 05:27
by Altrea
Hi tepet123,

tepet123 wrote:1. Is That Available to Upgrade the OpenSSL 0.9.8i to 1.0.1h or even (0.9.8za) to fix (june) vulnerabilities ?

No. If XAMPP is used for what it is designed for (as local test and development environment), this vulnerability should not be critical for you.

tepet123 wrote:2. Does OpenSSL 1.0.1(a-h) support for apache (2.2.9/2.2.x) ?

Yes, but the OpenSSL package needs to be compiled against this specific Apache build.

best wishes,
Altrea

Re: OpenSSL Issue

PostPosted: 20. June 2014 08:28
by tepet123
hurm.
as i can see im using this xampp in public for games webserver.
i am games developers.
so it must be critical for me to update the OPENSSL.
can you let me know how can i do this?

Re: OpenSSL Issue

PostPosted: 24. June 2014 12:19
by tepet123
look.
im still waiting for anyone that are able to help me.
please post here.
thank you

Re: OpenSSL Issue

PostPosted: 24. June 2014 12:40
by Altrea
tepet123 wrote:as i can see im using this xampp in public for games webserver.

You are using XAMPP in a way it is not meant for.
=> [INFO] How to not fail getting help here
Scope of support wrote:Evaluate if your topic is in scope of support of our board. We don't want to provide...
[...]
...support for live, production or public accessible environments.
XAMPP is not configurated for such environments (default passwords, many activated and probably unnecessary modules, not tweaked for performance, scalability, stability or security). This board does have several entrys about hacked XAMPP installations because of using unprotected XAMPP installations in not supported environments. XAMPP don't want to fit every possible use case and there are other (also free) alternatives for such environments.


tepet123 wrote:so it must be critical for me to update the OPENSSL.

That is not the problem of XAMPP.

tepet123 wrote:can you let me know how can i do this?

Install and configure the needed single components on your own, that is much more secure.
Or use a Stack that is meant for production or live environments.