OpenSSL version too old

  • Resolved DYLdev

    (@dyldev)


    6 years ago

    Hi,

    I just upgraded wordfence to the latest version. Most recent scan gives the alert “OpenSSL version too old.”

    The site is run off of godaddy’s shared hosting platform, so we do not have any control over the version of OpenSSL installed. (I think even though it is installed, the servers appear to be using something else, because TLS v1.2 is enabled, which the old version of OpenSSL installed doesn’t support.) Will I keep getting this alert for every scan?

Viewing 5 replies - 1 through 5 (of 5 total)
  • ideafusionmedia

    (@ideafusionmedia)

    6 years ago

    FYI – I had a similar issue and found that the hosting account was setup to use PHP 5.4. I upgraded to 5.6 and that fixed the issue.

    However, you’ll want to make sure and check the site over very thoroughly afterward to make sure that your site supports it.

    Thread Starter DYLdev

    (@dyldev)

    6 years ago

    @ideafusionmedia

    Thanks for the tip! The sites are mostly WordPress so upgrading shouldn’t be an issue. I do have a few custom scripts running on the sites, but they are mostly doing some basic calls to the database, so I just had to be sure those were using the MySQLi extensions and not MySQL for my database queries, which I already was.

    wfalaa

    (@wfalaa)

    6 years ago

    Hi @dyldev
    These versions scans will be triggered regularly, please use this tool to check your website SSL configuration, it would be nice to share with me a screenshot showing “OpenSSL” part in the “Handshake Simulation” section as in this screenshot.

    Thanks.

    • This reply was modified 6 years ago by wfalaa. Reason: adding the ssltest link
    greigner

    (@greigner)

    5 years, 11 months ago

    I had the exact same issue, and it does appear that updating to PHP 5.6 or higher under “Programming Languages” solves this issue.

    My original details of this issue are a part of another recent post here, prior to me discovering this one.

    After the upgrade to PHP 5.6, WF diagnostices indicates:
    OpenSSL 1.0.1e-fips 11 Feb 2013 (0x1000105f)

    Thanks for the help, @ideafusionmedia! Much appreciated. Good luck everyone.

    saha_FR

    (@saha_fr)

    5 years, 11 months ago

    Hi everyone !
    I just install wordfence (that i have on all website)
    it tell me OPENSLL version too old

    My server is in PHP 5.6 and here is my screen of SSL Server test :
    screenshot

    any idea ?
    Thx

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘OpenSSL version too old’ is closed to new replies.