3

I am bit confused between openssl & mod_ssl, so after hours of googling & readding documentation i have to post my query here .. I am on apache 2 which has ssl inbuilt, so where can i check which openssl version is being used .. is it the machine's openssl which apache is using or something which comes bundles with mod_ssl

$ openssl version
OpenSSL 1.0.0-fips 29 Mar 2010
$ uname -a
Linux

& when i hit the URL it shows following in response :

Server:Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.0.e

also when grep in mod_ssl.so: 

$ strings mod_ssl.so | grep -i openssl

OpenSSL 1.0.0e 6 Sep 2011

so why the difference in versions and from where it is picking that version.

MichelZ
  • 11,068
  • 4
  • 32
  • 59
Anuj Tomar
  • 31
  • 1
  • 3
  • Tell us all the basic information about your system. Also, you should copy and paste instead of typing everything manually. – Michael Hampton Apr 13 '14 at 18:55
  • I am not Server admin, just web server admin so don't know how & when openSSL was installed on server or who & how installed apache, we are managing the same, so if you can let me know what details you need i can provide the same.. – Anuj Tomar Apr 13 '14 at 19:17
  • Well, if the response to the URL whose OpenSSL/1.0.0.e and mod_ssl.so shows the same, then Apache uses this version. – MichelZ Apr 13 '14 at 19:20
  • ok but the one installed in server is OpenSSL 1.0.0-fips 29 Mar 2010 .. so is the fips something else which incorporates 1.0.0.e - http://www.openssl.org/source/ in here fips seems to be something different than others - http://www.openssl.org/docs/fips/fipsnotes.html – Anuj Tomar Apr 13 '14 at 19:32

1 Answers1

3

MOD_SSL is the interface apache uses to communicate with OpenSSL which is a cryptographic engine. OpenSSL does the work, whilst MOD_SSL provides the functions which allow Apache to use OpenSSLs features...

from : https://www.experts-exchange.com/questions/27628939/What-is-the-difference-between-Apache-Mod-SSL-and-OpenSSL.html

Mr__ Scalpel
  • 31
  • 3