0

Followed https://www.linuxhelp.com/how-to-install-and-update-openssl-on-ubuntu-16-04/ link to upgrade openSSL.

openssl version is, OpenSSL 1.0.2h 3 May 2016

After that tried sudo service nginx restart

$ apt-cache policy openssl    
openssl:
Installed: 1.0.2g-1ubuntu4.10
Candidate: 1.0.2g-1ubuntu4.10
sudo apt-get install --only-upgrade libssl1.0.0 openssl

Reading package lists... Done
Building dependency tree
Reading state information... Done
libssl1.0.0 is already the newest version (1.0.2g-1ubuntu4.10).
openssl is already the newest version (1.0.2g-1ubuntu4.10).
The following packages were automatically installed and are no longer required:
bridge-utils containerd linux-aws-headers-4.4.0-1048
linux-headers-4.4.0-1048-aws linux-image-4.4.0-1048-aws runc ubuntu-fan
Use 'sudo apt autoremove' to remove them.
0 upgraded, 0 newly installed, 0 to remove and 1 not upgraded.
lsb_release -a

No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 16.04.4 LTS
Release:    16.04
Codename:   xenial

nginx -V
nginx version: nginx/1.11.1
built by gcc 5.4.0 20160609 (Ubuntu 5.4.0-6ubuntu1~16.04.9) 
built with OpenSSL 1.0.2h  3 May 2016
TLS SNI support enabled
configure arguments: --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --with-openssl=/usr/local/src/openssl --user=www-data --group=www-data --with-http_ssl_module --with-http_realip_module --with-http_addition_module --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_random_index_module --with-http_secure_link_module --with-http_stub_status_module --with-http_auth_request_module --with-threads --with-stream --with-stream_ssl_module --with-http_slice_module --with-mail --with-mail_ssl_module --with-file-aio --with-http_v2_module --with-ipv6

Still getting 'F' in https://www.ssllabs.com/

Screenshots: screenshot1 sceeenshot2 screenshot3 screenshot4 Thanks in Advance!

Rashmi
  • 101
  • In short - installing a package from source will not update your distributions packaged version, and all packages using your distributions version. – vidarlo Mar 26 '18 at 11:37
  • Yeah. What to do? – Rashmi Mar 26 '18 at 11:40
  • The openssl version you have should be patched, ref changelog – vidarlo Mar 26 '18 at 12:01
  • It may sound dumb. But what exactly I need to do? As I have no prior knowledge. – Rashmi Mar 26 '18 at 12:29
  • Nginx is a server for which you cannot change/upgrade OpenSSL version directly because while compiling and making nginx you need to specify the OpenSSL path. So basically you need to recompile and reinstall the nginx server with the latest OpenSSL path. From the procedure that you've followed, you're just changing the currently installed OpenSSL version on your system. Follow this procedure to upgrade OpenSSL for nginx server: > https://forum.vestacp.com/viewtopic.php?t=12522 Would you mind sharing the host for which you're getting 'F'? – Nauman Shah Mar 27 '18 at 12:34
  • Really sorry can not share host for some reasons but I have attached screenshots in question. I hope it may help. Thank you. – Rashmi Mar 29 '18 at 05:28

0 Answers0