Current project I am working on require that OpenSSL be upgraded to at least 0.9.8r (with experimental "ECCdraft" ciphersuites disabled) or 1.0.0e. Specifically, OpenSSL 0.9.8p is cited as vulnerable.
Could you tell me if OpenSSL used by Splunk can be upgraded to 0.9.8r? Or can it be configured to simply use the existing installation of OpenSSL on the server so that we don’t always have to upgrade two copies on each server.
The version we are using is 4.2.1.
(A) Splunk's OpenSSL is bundled into Splunk as a private copy. Splunk does not care what your "system" OpenSSL is.
(B) Splunk maintains OpenSSL (and several other bundled components) as part of their overall release process. You should not expect to upgrade "just" Splunk's OpenSSL w/o upgrading Splunk itself. More info is available on http://splunk-base.splunk.com/answers/6653/how-do-splunk-releases-integrate-security-patches-for-dep...
(A) Splunk's OpenSSL is bundled into Splunk as a private copy. Splunk does not care what your "system" OpenSSL is.
(B) Splunk maintains OpenSSL (and several other bundled components) as part of their overall release process. You should not expect to upgrade "just" Splunk's OpenSSL w/o upgrading Splunk itself. More info is available on http://splunk-base.splunk.com/answers/6653/how-do-splunk-releases-integrate-security-patches-for-dep...
The version of openssl came with 4.2.1 is 0.9.8p.
bash-3.00$ ls Copyright-for-open*
Copyright-for-openssl-0.9.8p.txt
Still seeking to upgrade 0.9.8p to 0.9.8r and not sure if this is even doable?
If you review the open source license definitions that are distributed with splunk you should be able to ascertain the version of openssl you are running. I am using Splunk 4.1.8 and the license documents were located here: /opt/splunk/share/splunk/3rdparty. According to Copyright-for-openssl-0.9.8n.txt I should expect openssl 0.9.8n to be in my copy of Splunk.