10-06-2013 10:11 PM
I have to upgrade openssl.
OS: ii1 V1.
OpenSSL Version :OpenSSL A.00.09.08q.001 Secure Network Communications Protocol
Apache version : Apache/2.0.63
i have to upgrade openssl from A.00.09.08q.001 to OpenSSL_A.00.09.08y.001.
what are the recommendation steps that I have to carry out.
1. taking backup of /opt/openssl directory.
2.How can I check if apache version supports new opnessl version OpenSSL_A.00.09.08y.001
3.what are the other things that i have to check
4.what is the roll back plan ?
10-07-2013 10:16 AM - edited 10-07-2013 10:17 AM
I think that support for openssl is statically linked into the HP web suite when it is built. There are no dependencies on the openssl bundle in the apache bundle from HP, and chatr's of the apache/bin/openssl and apache/modules/mod_ssl.so files do not show any link dependencies on libssl or libcrypto. (But if I'm wrong I'd sure like to know.)
If a vulnerability to openssl impacted apache, then I suspect we'd get a CVE or security bulletin.