The answer is
Use the following commands.
$ openssl version
OpenSSL 1.0.1e-fips 11 Feb 2013 (or similar output)
For RHEL/CentOS/Fedora:
$ httpd -t -D DUMP_MODULES | grep ssl
ssl_module (shared)
For Ubuntu/Debian
$ apache2 -t -D DUMP_MODULES | grep ssl
ssl_module (shared)
For SUSE
$ httpd2 -t -D DUMP_MODULES | grep ssl
ssl_module (shared)
Usually, when you compile your apache2 server (or install it by packages facility stuff), you can check any directive that're available to be used by tapping this command:
~# $(which httpd) -L | grep SSL # on RHEL/CentOS/Fedora
~# $(which apache2) -L | grep SSL # on Ubuntu/Debian
If you don't see any SSL* directive, it means that you don't have apache2 with mod_ssl compiled.
Hopes it helps ;)
Fortunately, Most flavors of Linux have OpenSSL "out of the box".
To verify installation:
openssl version
Response:
OpenSSL 1.0.1t 3 May 2016
Note: version OpenSSL 1.0.1 through 1.0.1f (inclusive)
are vulnerable to the OpenSSL Heartbleed Bug.
Versions 1.0.1g and greater are fixed.
For additional install info:
Ubuntu/Debian
dpkg -l | grep -i openssl
Response:
ii libcrypt-openssl-random-perl 0.04-2+b1 amd64 module to access the OpenSSL pseudo-random number generator
ii libcurl3:amd64 7.38.0-4+deb8u5 amd64 easy-to-use client-side URL transfer library (OpenSSL flavour)
ii libgnutls-openssl27:amd64 3.3.8-6+deb8u4 amd64 GNU TLS library - OpenSSL wrapper
ii openssl 1.0.1t-1+deb8u6 amd64 Secure Sockets Layer toolkit - cryptographic utility
ii python-ndg-httpsclient 0.3.2-1 all enhanced HTTPS support for httplib and urllib2 using PyOpenSSL
ii python-openssl 0.14-1 all Python 2 wrapper around the OpenSSL library
ii ssl-cert 1.0.35 all simple debconf wrapper for OpenSSL
Yea, OpenSSL is installed!
To install OpenSSL if you don't have it, try:
Debian/Ubuntu:
sudo apt-get install openssl
RedHat/CentOS:
yum install openssl
Enable mod_ssl in httpd.conf and restart the apache. You will see the openssl information in error.log as below
[Fri Mar 23 15:13:38.448268 2018] [mpm_worker:notice] [pid 8891:tid 1] AH00292: Apache/2.4.29 (Unix) OpenSSL/1.0.2n configured -- resuming normal operations_x000D_
[Fri Mar 23 15:13:38.448502 2018] [core:notice] [pid 8891:tid 1] AH00094: Command line: '/opt/apps/apache64/2.4.29/bin/httpd'Just look in the ssl_engine.log in your Apache log directory where you should find something like:
[ssl:info] [pid 5963:tid 139718276048640] AH01876: mod_ssl/2.4.9 compiled against Server: Apache/2.4.9, Library: OpenSSL/1.0.1h
Using Apache 2, you can see what modules are currently loaded by the HTTP daemon by running the following command:
apache2ctl -M
The -M option is really just a parameter passed to httpd.
apache2ctl is a front end to the Apache HyperText Transfer Protocol (HTTP) server. It is designed to help the administrator control the functioning of the Apache apache2 daemon.
NOTE: The default Debian configuration requires the environment variables APACHE_RUN_USER, APACHE_RUN_GROUP, and APACHE_PID_FILE to be set in /etc/apache2/envvars. The apache2ctl script returns a 0 exit value on success, and >0 if an error occurs. For more details, view the comments in the script.
If you just run openssl in your terminal it should present the openSSL shell. My first clue to knowing that I didn't have mode_ssl was when I got the following error after adding SSLEngine on in my virtualhost file:
Invalid command 'SSLEngine', perhaps misspelled or defined by a module not included in the server configuration
In centos I just had to install it via yum install mod_ssl
To determine openssl & ssl_module
# rpm -qa | grep openssl
openssl-libs-1.0.1e-42.el7.9.x86_64
openssl-1.0.1e-42.el7.9.x86_64
openssl098e-0.9.8e-29.el7.centos.2.x86_64
openssl-devel-1.0.1e-42.el7.9.x86_64
mod_ssl
# httpd -M | grep ssl
or
# rpm -qa | grep ssl
In my case this is how I got the information:
find where apache logs are located, and go there, in my case:
cd /var/log/apache2find in which log openssl information can be found:
grep -i apache.*openssl *_loge.g. error_log ...to get fresh information, restart apache, e.g.
rcapache2 restart # or service apache2 restartcheck for last entries in the log, e.g.
/var/log/apache2 # tail error_log[Thu Jun 09 07:42:24 2016] [notice] Apache/... (Linux/...) mod_ssl/2.2.22 OpenSSL/1.0.1t ...
Create a test.php file with the following code in a www folder:
<?php echo phpinfo();?>
When you navigate to that page/URL in the browser. You will see something similar if you have openssl enabled:
You should install this Apache mod, http://httpd.apache.org/docs/2.0/mod/mod_info.html, it basically gives you a run down of the mods you're using and the Apache settings. I have this enabled on my Apache and it gives me this info for my website,
Server Version: Apache/2.2.3 (Debian) mod_jk/1.2.18 PHP/5.2.0-8+etch13 mod_ssl/2.2.3 OpenSSL/0.9.8c mod_perl/2.0.2 Perl/v5.8.8
The default Apache install is configured to send this information on the Server header line. You can view this for any server using the curl command.
$ curl --head http://localhost/
HTTP/1.1 200 OK
Date: Fri, 04 Sep 2009 08:14:03 GMT
Server: Apache/2.2.8 (Unix) mod_ssl/2.2.8 OpenSSL/0.9.8a DAV/2 PHP/5.2.6 SVN/1.5.4 proxy_html/3.0.0
If you have PHP installed on your server, you can chek it in runtime using "extension_loaded" funciontion. Just like this:
<?php
if (!extension_loaded('openssl')) {
// no openssl extension loaded.
}
?>
To find the ssl version
- Go to Apache bin folder in command prompt
- Enter these commands "openssl version"
to verify in php command lie
$php -i | grep openssl
Source: Stackoverflow.com