Pivotal Knowledge Base

Follow

How to determine what version of OpenSSL is bundled with VMware vFabric Enterprise Ready Server (ERS), Apache Web Server and vFabric Web Server (vFWS)

 

Purpose

How to determine what version of OpenSSL is bundled with VMware vFabric Enterprise Ready Server (ERS), Apache Web Server and vFabric Web Server (vFWS).

Resolution

Users can obtain VMware ERS and vFWS OpenSSL version info using any one of the follow options:

  1. Load mod_info with this configuration setup in httpsd.conf:
    <Location /server-info> 
    SetHandler server-info
    Order deny,allow
    Deny from all
       Allow from localhost
    </Location>
    Point the browser to http://localhost:3780/server-info page.
  2. Load mod_php and use phpinfo();
    <php?
        phpinfo();
    ?>
    For vFWS, use PHP with mod_fcgid.

    Point the browser to http://localhost:3780/phpinfo.php page.
     
  3. Use ERS bundled php command:

    > ERS4/php5.x/bin/php -i | grep OpenSSL" 
    OpenSSL support => enabled
    OpenSSL Version => OpenSSL 0.9.8n-fips 24 Mar 2010
  4. Use ERS or vFWS bundled OpenSSL command.

    Source the environment file on Unix:

    > source ERS-4.0.x/apache2.2/bin/envvars 
    or
    > source vFWS-5.x.x/http-2.2/bin/envvars
    Run openssl to get all the version info:
    > ERS-4.0.x/tools/bin/openssl version -a 
    OpenSSL 0.9.8n-fips 24 Mar 2010
    built on: Fri Mar 26 07:06:37 PDT 2010
    platform: x86-linux-glibc2
    options:  bn(64,32) md2(int) rc4(idx,int) des(ptr,risc1,16,long) blowfish(idx)
    compiler: gcc -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -m32 -march=pentium -I/local0/tmp/auto_build/x86_64-linux-glibc2/obj/x86-linux-glibc2/thirdparty/include -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DSHA1_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM
    OPENSSLDIR: "/local0/tmp/auto_build/x86_64-linux-glibc2/obj/x86-linux-glibc2/thirdparty/ssl"
    or
    > vFWS-5.x.x/http-2.2/bin/openssl version -a

    OpenSSL 1.0.1c-fips 10 May 2012
    built on: Wed Jul 11 19:19:41 CDT 2012
    platform: x86_64-linux-glibc2
    options:  bn(64,64) rc4(16x,int) des(idx,cisc,16,int) blowfish(idx)
    compiler: gcc -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -m64 -DL_ENDIAN -DTERMIO -O3 -Wall -m64 -mtune=core2
    -g -Wa,--noexecstack -I/home/hudson/workspace/vfws-5.1-x86_64-linux-glibc2/obj/x86_64-linux-glibc2/thirdparty/include  -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_
    ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -I/home/hudson/workspace/vfws-5.1-x86_64-linux-glibc2/obj/x86_64-linux-glibc2/openssl-fips/x86_64-
    linux-glibc2/include -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM
    OPENSSLDIR: "/home/hudson/workspace/vfws-5.1-x86_64-linux-glibc2/obj/x86_64-linux-glibc2/thirdparty/ssl"
  5.   If you already started up Apache with mod_ssl, you can grep "OpenSSL" logs/error.log:

    [Wed Jan 09 09:33:30 2013] [notice] Apache/2.2.17 (Unix) DAV/2 mod_ssl/2.2.17 OpenSSL/0.9.8r-fips PHP/5.2.17 covalent_ftp/3.2.4 mod_perl/2.0.4 Perl/v5.8.8 configured -- resuming normal operations
    Or use curl command to fetch the HTTP Server header info:
    > curl -I http://localhost:3780
    HTTP/1.1 200 OK
    Date: Wed, 09 Jan 2013 17:44:35 GMT
    Server: Apache/2.2.17 (Unix) DAV/2 mod_ssl/2.2.17 OpenSSL/0.9.8r-fips PHP/5.2.17 covalent_ftp/3.2.4 mod_perl/2.0.4 Perl/v5.8.8
    Accept-Ranges: bytes
    Content-Length: 7465
    Content-Type: text/html; charset=ISO-8859-1
©VMware 2013

Comments

Powered by Zendesk