Hi Everyone,
I've just installed a brand new XAMPP on Win Server 2012 R2.
According to the below page it should contain OpenSSL 1.0.2g:
https://www.apachefriends.org/blog/new_xampp_20160304.html
But in phpinfo() I can see OpenSSL version 1.0.2d instead. So that the vulnerabilit scans keep reporting DROWN (CVE-2016-0703).
Can you please let me know how can I upgrade to OpenSSL 1.0.2g on XAMPP for Windows?
Thank you in advance.
Regards,
fishmong3r
OpenSSL version seems to be incorrect
5 posts
• Page 1 of 1
OpenSSL version seems to be incorrect
by fisnmong3r » 21. March 2016 09:23
- fisnmong3r
- Posts: 3
- Joined: 11. September 2014 11:27
- Operating System: Windows 2008
Re: OpenSSL version seems to be incorrect
by Altrea » 21. March 2016 11:32
Hi,
No. Read carefully. OpenSSL is upgraded only for the Linux and Mac OS X versions of XAMPP.
XAMPP for Windows is based on the Apache Lounge releases and they updated OpenSSL with Apache 2.4.18
best wishes,
Altrea
P.S.: Don't use XAMPP for anything else exept local test and development environments.
fisnmong3r wrote:According to the below page it should contain OpenSSL 1.0.2g:
https://www.apachefriends.org/blog/new_ ... 60304.html
No. Read carefully. OpenSSL is upgraded only for the Linux and Mac OS X versions of XAMPP.
XAMPP for Windows is based on the Apache Lounge releases and they updated OpenSSL with Apache 2.4.18
best wishes,
Altrea
P.S.: Don't use XAMPP for anything else exept local test and development environments.
We don't provide any support via personal channels like PM, email, Skype, TeamViewer!
It's like porn for programmers
It's like porn for programmers
-
Altrea - AF Moderator
- Posts: 11935
- Joined: 17. August 2009 13:05
- XAMPP version: several
- Operating System: Windows 11 Pro x64
Re: OpenSSL version seems to be incorrect
by abeltran1973 » 25. March 2016 18:56
Altrea,
Can you provide a manula way to upadte OpenSSL in windiows systems without having to wait on Apache Lounge release that incorporates latest?
Can you provide a manula way to upadte OpenSSL in windiows systems without having to wait on Apache Lounge release that incorporates latest?
- abeltran1973
- Posts: 3
- Joined: 25. March 2016 18:45
- Operating System: Windows 2008 R8
Re: OpenSSL version seems to be incorrect
by abeltran1973 » 25. March 2016 19:12
Altrea,
I found my answer on how to manulayy update OpenSSL in windows runnign Xampp.
Re: HEARTBLEED Bug Open SSL
by stateside » 10. April 2014 00:03
go to http://slproweb.com/products/Win32OpenSSL.html
If on windows, download and install the 32 bit on your machine.
copy the openssl.cnf (cfg? may need renamed) from the new installation \bin file to:
xampp\apache\conf\openssl.cnf
Copy the libeay32.dll, ssleay32.dll and openssl.exe from the new installation bin to:
xampp\apache\bin\libeay32.dll
xampp\apache\bin\ssleay32.dll
xampp\apache\bin\openssl.exe
Restart your server.
If all is good, go to control panel,add remove and remove the Win32OpenSSL.
stateside Posts: 2Joined: 09. April 2014 23:56XAMPP Version: 5.6.3Operating System: Windows Server/Mac OSX/Linux
I found my answer on how to manulayy update OpenSSL in windows runnign Xampp.
Re: HEARTBLEED Bug Open SSL
by stateside » 10. April 2014 00:03
go to http://slproweb.com/products/Win32OpenSSL.html
If on windows, download and install the 32 bit on your machine.
copy the openssl.cnf (cfg? may need renamed) from the new installation \bin file to:
xampp\apache\conf\openssl.cnf
Copy the libeay32.dll, ssleay32.dll and openssl.exe from the new installation bin to:
xampp\apache\bin\libeay32.dll
xampp\apache\bin\ssleay32.dll
xampp\apache\bin\openssl.exe
Restart your server.
If all is good, go to control panel,add remove and remove the Win32OpenSSL.
stateside Posts: 2Joined: 09. April 2014 23:56XAMPP Version: 5.6.3Operating System: Windows Server/Mac OSX/Linux
- abeltran1973
- Posts: 3
- Joined: 25. March 2016 18:45
- Operating System: Windows 2008 R8
Re: OpenSSL version seems to be incorrect
by jeeberpow » 06. April 2016 15:35
I've done this twice in recent years - upgrading to the newest openssl in a windows XAMPP setup.
Downloaded and installed the 32bit from http://slproweb.com/products/Win32OpenSSL.html
Copied the cfg and 3 other files from its bin folder over to the XAMPP installation.
Most recently (today) I found I could not get apache to start unless I copied all of the openssl bin/* files into the apache bin folder. So not just libeay32.dll, ssleay32.dll and openssl.exe but all of them. At that point apache started up fine and was running the latest openssl.
Downloaded and installed the 32bit from http://slproweb.com/products/Win32OpenSSL.html
Copied the cfg and 3 other files from its bin folder over to the XAMPP installation.
Most recently (today) I found I could not get apache to start unless I copied all of the openssl bin/* files into the apache bin folder. So not just libeay32.dll, ssleay32.dll and openssl.exe but all of them. At that point apache started up fine and was running the latest openssl.
- jeeberpow
- Posts: 2
- Joined: 06. April 2016 15:24
- XAMPP version: 5.6.19
- Operating System: Windows
5 posts
• Page 1 of 1
Who is online
Users browsing this forum: No registered users and 101 guests