Community
- Command Central
- MVP Program
- Monthly Mission
- Blogs
- Groups
- Events
- Media Vault
Products
- Observability
- Network Management
- Application Management
- IT Security
- IT Service Management
- System Management
- Database Management
Content Exchange
- SolarWinds Platform
- Server & Application Monitor
- Database Performance Analyzer
- Server Configuration Monitor
- Network Performance Monitor
- Network Configuration Manager
- SQL Sentry
- Web Help Desk
Free Tools & Trials

OpenSSL in Serv-U ver 15.x

The last Serv-U release notes which mention OpenSSL were from version 12.1.0.6 indicating OpenSSL 0.9.8x.

Does Serv-U version 15.x still use OpenSSL 0.9.8x or has that been updated?

I'm concerned if our Serv-U installation is affected by CVE-2014-0160, HeartBleed OpenSSL vulnerability, which is a nasty one. OpenSSL versions 1.0.1 through 1.0.1f (inclusive) are vulnerable.

Find more posts tagged with

Accepted answers

All comments

andy_h

Just confirmed in my own environment that the latest version of Serv-U 15.0.1 does currently use an OpenSSL 0.9.8.24. You can confirm this in your Serv-U installation directory. Specifically the two file versions to check are:

SSLEAY32.DLL
LIBEAY32.DLL

Hence Serv-U is not currently effected by this HeartBleed bug mentioned here http://heartbleed.com/

supahabs

I just check ours with those two files and found out we're using 1.0.1e.

I run to another site “https://lastpass.com/heartbleed" to test vulnerability for our site and it came out as NOT VULNERABLE.

What other steps can I verify that or system is not affected by this bug?

peter.kruty

Hi,

as mentioned in this post Heartbleed.com - OpenSSL security concerns Serv-U is NOT affected by this bug.

Peter

peter.kruty

Did you manipulate openssl installation within Serv-U? As it should not be version 1.0.1e. What is the location of those files you are checking?

jonathan_at_solarwinds

This is great news. FWIW, I'm tracking managed file transfer responses to the Heartbleed crisis on my blog.