Installing OpenSSL 1.0.0 and Apache http server

[linguy]

OS: CentOS 5.5

I have been trying to install OpenSSL 1.0.0 from sources and seems like I have been successful. However, when I sniff my Apache web server from serversniff.net it reports that my server is still using "OpenSSL 0.9.8h 28 May 2008".

When I restart my Apache server, it reports that it is using OpenSSL 1.0.0 in the logs:

[Mon May 17 11:20:26 2010] [notice] Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/1.0.0 configured -- resuming normal operations

What do I need to do to get the correct OpenSSL version advertised by my server?

Thanks

[jledhead]

could it be because of what version of openssl your cert was made with?

[linguy]

I built the cert with OpenSSL 1.0.0.

[killabee]

Was the older version of OpenSSL (OpenSSL 0.9.8h) and Apache initially compiled manually or were any of them preinstalled with CentOS? If Apache was preinstalled or installed prior to installing OpenSSL 1.0.0, I suspect that some other component in it is still "bound" to the old version of OpenSSL.

Just today I attempted to install the latest version of BIND 9. When I ran the configure script, it told me that it couldn't find OpenSSL 1.0.0, when indeed I did (apparently it was preinstalled with Fedora 12). I told the configure script to look in the OpenSSL directory (or what appeared to be the directory), but then it complained about not finding a header file. I decided to just install OpenSSL manually and after that I was able to install BIND just fine.

I guess from Fedora's perspective, OpenSSL was installed...just not in the standard locations that other software expects it to be in.

I suspect that from one operational perspective, Apache thinks that it has the latest version of OpenSSL, whereas from another perspective (maybe when it was preinstalled?) it thinks that it doesn't.

[linguy]

I believe you are right but I can't figure out what part of Apache is still hanging onto OpenSSL 0.9.8h. I installed both OpenSSL 1.0.0 and Apache from sources (manually) with these configure commands:

For OpenSSL:
./config --prefix=/usr/local --openssldir=/usr/local/openssl

For Apache:
./configure --enable-headers --enable-proxy --enable-proxy-connect --enable-proxy-http --enable-rewrite --enable-ssl --enable-perl --with-ssl=/usr/local/openssl --with-sslport=443

Before installing Apache though, I had to do the following to get Apache to recognize OpenSSL 1.0.0:

yum remove openssl-devel
rpm -e --allmatches --nodeps openssl

And after all was finished, I had to install the original OpenSSL 0.9.8 from RPM so that other components of my Linux box (SSH Server, etc.) worked.