Hey Thank you very much for quick reply, I did modify ServerTokens from OS to Full and did restart apache. However I tried to hit my server I do not see server header added. Is there any other precondition that I need to take care of I am using Apache HTTPD 2.2.25.
[root@10 conf]# curl --head https://localhost:443/login -k HTTP/1.1 200 OK Date: Wed, 21 Jan 2015 10:43:42 GMT Set-Cookie: JSESSIONID=521BFADA9009F72C4ED9BF6D5CA63899.7001stagingcld-tomcat9; Path=/; Secure; HttpOnly Cache-Control: no-cache Pragma: no-cache Expires: Wed, 31 Dec 1969 23:59:59 GMT Content-Type: text/html;charset=UTF-8 Content-Language: en-US Content-Length: 5967 [root@10 conf]# On Wed, Jan 21, 2015 at 3:55 PM, Pete Houston <p...@openstrike.co.uk> wrote: > On Wed, Jan 21, 2015 at 03:44:43PM +0530, srihari na wrote: > > However from external/client side how can I verify which is the exact > > version of openssl libraries being used during communication. Please > help. > > In your httpd.conf specify > > ServerTokens Full > > Then from the client side you can inspect the headers for the OpenSSL > version. eg: http://httpd.apache.org/ currently reports: > > Server: Apache/2.4.11 (Unix) OpenSSL/1.0.1l > > See http://httpd.apache.org/docs/2.2/mod/core.html#servertokens > You might consider this as information leakage so may not wish to leave > it permanently enabled. > > Pete > -- > Openstrike - improving business through open source > http://www.openstrike.co.uk/ or call 01722 770036 / 07092 020107 > -- Regards, Srihari NA
