yum and openssl disagree on currently installed version in Centos 6.5
I might be mistaken but what I see is the same version ?
you have openssl.x86_64 1.0.1e-16.6_5.7 installed
and your openssl reports the same version : OpenSSL 1.0.1e-fips 11 Feb 2013
Related videos on Youtube
![bschlueter](https://i.stack.imgur.com/fAvA1.jpg?s=256&g=1)
bschlueter
I've been coding regularly since I began high school and was introduced to logic, the procedural paradigm, and data structures with Pascal and an amusing robot named Karel. I was then taught Java, so as to please the AP overseers, and found respite in Python. I have been developing my knowledge since that time, furthering my knowledge of Python, and learning bits of Javascript, Ruby, Bash, PHP, Haskell, Erlang, Go, C and everything else I run into along the way. Day to day, I use Vagrant, Ansible, and bash, and live in Zsh with Zprezto inside of Tmux, using Vim for editing.
Updated on September 18, 2022Comments
-
bschlueter almost 2 years
I'm attempting to ensure that we are using the most recent openssl version on Centos 6.5, and yum reports that we are, but openssl continues to report that its version is an older one:
[vagrant@centos-65-developer ~]$ sudo yum list openssl Loaded plugins: fastestmirror Loading mirror speeds from cached hostfile * base: mirror.trouble-free.net * extras: mirrors.gigenet.com * rpmforge: fr2.rpmfind.net * updates: centos.sonn.com Installed Packages openssl.x86_64 1.0.1e-16.6_5.7 @updates Available Packages openssl.i686 1.0.1e-16.el6_5.7 updates [vagrant@centos-65-developer ~]$ openssl version -a OpenSSL 1.0.1e-fips 11 Feb 2013 built on: Tue Apr 8 02:39:29 UTC 2014 platform: linux-x86_64 options: bn(64,64) md2(int) rc4(16x,int) des(idx,cisc,16,int) idea(int) blowfish(idx) compiler: gcc -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DKRB5_MIT -m64 -DL_ENDIAN -DTERMIO -Wall -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic -Wa,--noexecstack -DPURIFY -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM OPENSSLDIR: "/etc/pki/tls" engines: dynamic
Does Centos' openssl always report incorrectly, or is this machine truly running the old version (1.0.1e-fips)?
-
mleonard about 10 yearsYou can also see that your openssl was built yesterday ("Tue Apr 8 02:39:29 UTC 2014"), so you really have the most recent package. Most probably, CentOS, similar to other distributors, just patched the 1.0.1e release instead of pushing an upgrade to 1.0.1g.
-
-
bschlueter about 10 yearsYou're not looking at the whole version. Yum reports 1.0.1e-16.6_5.7 and openssl reports 1.0.1e-fips.
-
bschlueter about 10 yearsOkay, cool, between this and the build time, I'm confident in the update. The reason I was concerned was because the rpm release 16.6_5.7 is a patched version of openssl for the heartbleed bug, but is still the same openssl version as the prior, broken version, release 16.e16_5.4.
-
bschlueter about 10 yearsThe issue was the build version, not the architecture. I manually ran
yum update openssl
to get the current version, and openssl's version reporting threw me off.