How to check which version of openssl is getting compiled in into dovecot?

Aki Tuomi aki.tuomi at dovecot.fi
Fri Oct 27 10:09:48 EEST 2017



On 27.10.2017 10:07, @lbutlr wrote:
>
>> On Oct 27, 2017, at 12:33 AM, Aki Tuomi <aki.tuomi at dovecot.fi> wrote:
>>
>>
>>
>> On 27.10.2017 00:53, krzf83 at gmail.com wrote:
>>> I got multiple versions of openssl in my system. I compile dovecot with
>>> PKG_CONFIG_PATH=/usr/openssl-1.0.2l-fpic/lib/pkgconfig ./configure
>>>
>>> How do I check which version of openssl got compiled in? configure
>>> script does not show version. There seem to be no way to check it in
>>> compiled binary (?)
>>>
>>> My dovecot is still seen vulnerable by tls testing tools so I'm
>>> guessing wrong version of openssl got compiled it but there seem to be
>>> no way to check it.
>> You can check with ldd /usr/lib/dovecot/imap-login (or libexec)
>>
>> Just check which SSL library has been linked to it.
> That is not immediately helpful, though.
>
> libssl.so.9 => /usr/local/lib/libssl.so.9 (0x28313000
>
> No version info there…
>
I was kinda assuming you'd know which library it should link into. But..

$ strings /usr/lib/x86_64-linux-gnu/libssl.so.1.0.0 | grep OpenSSL
OpenSSLDie
SSLv3 part of OpenSSL 1.0.1t  3 May 2016
TLSv1 part of OpenSSL 1.0.1t  3 May 2016
DTLSv1 part of OpenSSL 1.0.1t  3 May 2016
OpenSSL 1.0.1t  3 May 2016

works at least for me. maybe this helps you?

Aki


More information about the dovecot mailing list