...

View Full Version : OpenSSL Version?



rfresh
08-27-2010, 05:17 AM
Is there any way I can find out what version of OpenSSL is being used on a server I don't admin? The reason I ask this question is that I'm trying to verify that a certain website is PCI compliant. I know from being PCI compliant on all of my own servers that you must have the latest installed ver of OpenSSL other wise you fail the PCI test. So, I'm trying to see what their ver is of OpenSSL and if it's an older ver then I know they are not PCI scanning like they should be doing.

Thanks

oracleguy
08-27-2010, 06:08 PM
If the server has a full server signature turned on, the OpenSSL version will be shown in that. The signature is printed at the bottom of all the generic Apache error pages (like 404 and 500).

Otherwise, do you happen to have shell access to the server? That'd make really easy to check.

If you use the phpinfo function, it prints out the OpenSSL version under the Apache Environment header. Look for 'SSL version library'.

rfresh
08-27-2010, 08:20 PM
No, I don't have shell access...

oracleguy
08-27-2010, 10:01 PM
If the server has PHP on it, then the phpinfo function will be your best bet. Have you used PHP before?

rfresh
08-28-2010, 12:56 AM
Yep, I tried using phpinfo.php but they don't have that script installed.

oracleguy
08-28-2010, 05:33 AM
No it isn't a file. It is a PHP function. Just create a file with a .php extension like test.php and in it put:

<? phpinfo(); ?>

And upload it to your server and then go to the page in your browser. It should spit out a bunch of information.

rfresh
08-29-2010, 09:01 PM
As I said in my original post, I don't have admin rights on this server, so am I at a dead end?

oracleguy
08-30-2010, 05:41 PM
Oh I'm sorry. I didn't realize by that you meant can't upload any files to it or anything. Then in that case, you are probably out of luck.

jphilipson
08-31-2010, 08:31 AM
Well, if it's an Apache server, try going to a non-existent page on the site/server and the default 404 page (assuming they do not use a custom defined one) will show the open ssl version .. like ..

The requested URL /anything/ was not found on this server.

Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.
Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a mod_fcgid/2.3.5 Phusion_Passenger/2.2.15 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 Server at domain.com Port 80



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum