I have tested website on Qualys ssl lab and get F rating with following error:
This server is vulnerable to the OpenSSL Padding Oracle vulnerability (CVE-2016-2107) and insecure. Grade set to F.
I have updated openssl to 1.0.1t but I am still getting an F rating.
Are you happy to provide the domain name, so we can do some checks ? have you restarted things properly ? is openssl 1.0.1t being used ?
Has your webserver been restarted? Perhaps it still uses the old libraries from memory…
Yes i have already restarted apache server.
Please check domain name:xxxxxxxx
Looking at the site, it's reporting still using the older version ...
What version does the command line say you are running ?
openssl version
If that says it's 1.0.1t then is it possible to restart the server to ensure everything is loading / using that version ?
Maybe the webserver was statically rather than dynamically linked against OpenSSL?
good point, hadn’t thought of that.
Thanks to all problem is solved
Before I installed the tar file of openssl and create soft links for that.
$ cd /usr/src2.
$ wget https://www.openssl.org/source/openssl-1.0.1t.tar.gz -O openssl-1.0.1t.tar.gz3.
$ tar -zxf openssl-1.0.1t.tar.gz4.
$ cd openssl-1.0.1t$ ./config
$ make
$ make test
$ make install
$ ln -s /usr/local/ssl/bin/openssl /usr/bin/openssl
But the above procedure is wrong, below is the correct solution:
Solution
$ yum update openssl
And restart apache server.
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.