From Bugzilla Helper: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0) Description of problem: Since all I have seen from Red Hat regarding the latest openssl bug was a cool "Look at openssl.org" I did that and compiled the latest openssl package 0.9.7a Comiling and installing went ok without errors. The old binary openssl in /usr/bin was renamed and a link called openssl created to the new openssl binary (residing at /usr/local/ssl/bin) Doing $openssl version on the console reports correctly 0.9.7a By requesting the http server with wget -Sv https://ipadress I still get reported that OpenSSL would be version o.9.6b ARGH!!! Bring out a patched openssl package soon which considers all that problems or at least bring out some description howto cope that stuff. Really, many other way more uniteresting bugs were fixed in a much quicker way!!!! Version-Release number of selected component (if applicable): How reproducible: Always Steps to Reproduce: 1. download openssl 0.9.7a (tar.gz) from openssl.org 2. compile and install it 3. rename openssl in /usr/bin 4. set a link to the new openssl at /usr/local/ssl/bin named openssl in /usr/bin 5. make sure your apache is running and configured to answer http/https requests 6. ask him with wget -Sv Actual Results: See description Expected Results: wget should report openssl version 0.9.7a instead Additional info:
Updated OpenSSL packages are available at http://rhn.redhat.com/errata/RHSA-2003-062.html