Is there a way to specify/modify the order of locations in the path of where to look for the libraries in compile/run time? Might help.
Oscar Am 21.01.2015 um 11:46 schrieb srihari na: > Hey > > Thank you very much for quick reply, I did modify ServerTokens from OS > to Full and did restart apache. However I tried to hit my server I do > not see server header added. Is there any other precondition that I > need to take care of I am using Apache HTTPD 2.2.25. > > [root@10 conf]# curl --head https://localhost:443/login -k > HTTP/1.1 200 OK > Date: Wed, 21 Jan 2015 10:43:42 GMT > Set-Cookie: > JSESSIONID=521BFADA9009F72C4ED9BF6D5CA63899.7001stagingcld-tomcat9; > Path=/; Secure; HttpOnly > Cache-Control: no-cache > Pragma: no-cache > Expires: Wed, 31 Dec 1969 23:59:59 GMT > Content-Type: text/html;charset=UTF-8 > Content-Language: en-US > Content-Length: 5967 > > [root@10 conf]# > > On Wed, Jan 21, 2015 at 3:55 PM, Pete Houston <p...@openstrike.co.uk > <mailto:p...@openstrike.co.uk>> wrote: > > On Wed, Jan 21, 2015 at 03:44:43PM +0530, srihari na wrote: > > However from external/client side how can I verify which is the > exact > > version of openssl libraries being used during communication. > Please help. > > In your httpd.conf specify > > ServerTokens Full > > Then from the client side you can inspect the headers for the OpenSSL > version. eg: http://httpd.apache.org/ currently reports: > > Server: Apache/2.4.11 (Unix) OpenSSL/1.0.1l > > See http://httpd.apache.org/docs/2.2/mod/core.html#servertokens > You might consider this as information leakage so may not wish to > leave > it permanently enabled. > > Pete > -- > Openstrike - improving business through open source > http://www.openstrike.co.uk/ or call 01722 770036 / 07092 020107 > > > > > -- > Regards, > Srihari NA
