Hi Bruce, > Also, when I restart Apache after installing the OpenSSL RPMS, it > still shows "...OpenSSL/0.9.6b..." in the signature string. I don't > know if this is dynamic or compiled in someplace...
The reference "OpenSSL/0.9.6b" in the Apache banner is because Mod_SSL (/usr/lib/apache/libssl.so) is compiled against OpenSSL/0.9.6b. To verify this you can run the following command from the command line: strings /usr/lib/apache/libssl.so|grep OpenSSL To upgrade the SSL version which Apache uses you'd need to recompile Mod_SSL against a newer OpenSSL. This can be done without recompiling Apache due to its modular architecture, however, you need to have the Apache-1.3.20 sources handy (from the old SRPM on the Cobalt FTP site, for instance). I did that once with my free Mod_SSL upgrade PKG when Slapper & Scalper surfaced and before Sun Cobalt had the Apache patch ready. -- With best regards, Michael Stauber _______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security
