OpenSSL version seems to be incorrect
Posted: 21. March 2016 09:23 by fisnmong3r
Hi Everyone,
I've just installed a brand new XAMPP on Win Server 2012 R2.
According to the below page it should contain OpenSSL 1.0.2g:
https://www.apachefriends.org/blog/new_xampp_20160304.html
But in phpinfo() I can see OpenSSL version 1.0.2d instead, so the vulnerability scans keep reporting DROWN (CVE-2016-0703).
Can you please let me know how I can upgrade to OpenSSL 1.0.2g on XAMPP for Windows?
Thank you in advance.
Regards,
fishmong3r
Re: OpenSSL version seems to be incorrect
Posted: 21. March 2016 11:32 by Altrea
Hi,
No. Read carefully. OpenSSL is upgraded only for the Linux and Mac OS X versions of XAMPP.
XAMPP for Windows is based on the Apache Lounge releases and they updated OpenSSL with Apache 2.4.18.
best wishes,
Altrea
P.S.: Don't use XAMPP for anything else except local test and development environments.
Re: OpenSSL version seems to be incorrect
Posted: 25. March 2016 18:56 by abeltran1973
Altrea,
Can you provide a manual way to update OpenSSL on Windows systems without having to wait on an Apache Lounge release that incorporates the latest?
Re: OpenSSL version seems to be incorrect
Posted: 25. March 2016 19:12 by abeltran1973
Altrea,
I found my answer on how to manually update OpenSSL in Windows running XAMPP.
Re: HEARTBLEED Bug Open SSL
by stateside » 10. April 2014 00:03
go to http://slproweb.com/products/Win32OpenSSL.html
If on windows, download and install the 32 bit on your machine.
copy the openssl.cnf (cfg? may need renamed) from the new installation \bin file to:
xampp\apache\conf\openssl.cnf
Copy the libeay32.dll, ssleay32.dll and openssl.exe from the new installation bin to:
xampp\apache\bin\libeay32.dll
xampp\apache\bin\ssleay32.dll
xampp\apache\bin\openssl.exe
Restart your server.
If all is good, go to control panel, add remove and remove the Win32OpenSSL.
stateside | Posts: 2 | Joined: 09. April 2014 23:56 | XAMPP Version: 5.6.3 | Operating System: Windows Server/Mac OSX/Linux
Re: OpenSSL version seems to be incorrect
Posted: 06. April 2016 15:35 by jeeberpow
I've done this twice in recent years - upgrading to the newest openssl in a windows XAMPP setup.
Downloaded and installed the 32bit from http://slproweb.com/products/Win32OpenSSL.html
Copied the cfg and 3 other files from its bin folder over to the XAMPP installation.
Most recently (today) I found I could not get apache to start unless I copied all of the openssl bin/* files into the apache bin folder. So not just libeay32.dll, ssleay32.dll and openssl.exe but all of them. At that point apache started up fine and was running the latest openssl.
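
A way to confirm what a manual copy actually left in place, as an added example that is not from any poster in this thread: it scans the three files named above for the version banner that OpenSSL 1.0.x builds embed, and flags anything older than 1.0.2g or a mix of builds. The sample bytes are constructed, and the directory to scan is passed as an argument (for example the xampp\apache\bin folder of your install).

```python
import re
import sys
from pathlib import Path

# OpenSSL 1.0.x binaries embed a banner such as b"OpenSSL 1.0.2g  1 Mar 2016".
BANNER = re.compile(rb"OpenSSL (\d+)\.(\d+)\.(\d+)([a-z]*)\s+\d{1,2} [A-Z][a-z]{2} \d{4}")
FILES = ("libeay32.dll", "ssleay32.dll", "openssl.exe")  # the files named in the thread
MINIMUM = (1, 0, 2, "g")  # the version the original poster expected
# Constructed sample bytes standing in for file contents (not real binaries).
SAMPLE = {
    "libeay32.dll": b"\x00OpenSSL 1.0.2g  1 Mar 2016\x00",
    "ssleay32.dll": b"\x00SSLv3 part of OpenSSL 1.0.2d 9 Jul 2015\x00",
    "openssl.exe": b"\x00OpenSSL 1.0.2g  1 Mar 2016\x00",
}


def fmt(v):
    return "{}.{}.{}{}".format(*v)


def banner_versions(data: bytes) -> set:
    """Return every distinct OpenSSL version banner found in a file's bytes."""
    return {(int(a), int(b), int(c), s.decode()) for a, b, c, s in BANNER.findall(data)}


def audit(blobs: dict, minimum=MINIMUM) -> list:
    """blobs maps file name -> bytes; returns findings (empty list means consistent and current)."""
    findings, seen = [], set()
    for name in sorted(blobs):
        versions = banner_versions(blobs[name])
        if not versions:
            findings.append(f"{name}: missing or no OpenSSL banner")
            continue
        seen |= versions
        findings += [f"{name}: {fmt(v)} is older than {fmt(minimum)}"
                     for v in sorted(versions) if v < minimum]
    if len(seen) > 1:
        findings.append("mixed versions: " + ", ".join(fmt(v) for v in sorted(seen)))
    return findings


if __name__ == "__main__":
    if len(sys.argv) > 1:  # scan a real directory given on the command line
        d = Path(sys.argv[1])
        blobs = {n: (d / n).read_bytes() if (d / n).is_file() else b"" for n in FILES}
    else:                  # no argument: run on the constructed sample
        blobs = SAMPLE
    for line in audit(blobs) or ["all scanned files report >= " + fmt(MINIMUM)]:
        print(line)
```

An empty result only says the files on disk are consistent; the running server still has to be restarted to load them.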