Title: OpenSSL Version verification? Last modified: April 18, 2018 --- # OpenSSL Version verification? * [scottl31](https://wordpress.org/support/users/scottl31/) * (@scottl31) * [8 years, 1 month ago](https://wordpress.org/support/topic/openssl-version-verification/) * I also got all the message that Openssl is to old. * What if I don’t update it? Will Wordfence stop functioning? * Also, WF says I’m running version 0.9.8zc, but when I check my server it is 1.0.1l as shown here: * bash-3.2# /usr/bin/openssl version OpenSSL 1.0.1l 15 Jan 2015 * Do you guys look somewhere else for OpenSSL? * Thanks! Viewing 15 replies - 1 through 15 (of 23 total) 1 [2](https://wordpress.org/support/topic/openssl-version-verification/page/2/?output_format=md) [→](https://wordpress.org/support/topic/openssl-version-verification/page/2/?output_format=md) * [jhunt2004](https://wordpress.org/support/users/jhunt2004/) * (@jhunt2004) * [8 years, 1 month ago](https://wordpress.org/support/topic/openssl-version-verification/#post-10199511) * I am getting the same error. * [wfyann](https://wordpress.org/support/users/wfyann/) * (@wfyann) * [8 years, 1 month ago](https://wordpress.org/support/topic/openssl-version-verification/#post-10207722) * Hi [@scottl31](https://wordpress.org/support/users/scottl31/), * Could you please check which OpenSSL version cURL uses (`curl --version`) on your server? * Thread Starter [scottl31](https://wordpress.org/support/users/scottl31/) * (@scottl31) * [8 years, 1 month ago](https://wordpress.org/support/topic/openssl-version-verification/#post-10207864) * Hi, * bash-3.2# curl –version curl 7.43.0 (x86_64-apple-darwin14.0) libcurl/7.43.0 SecureTransport zlib/1.2.8 * looks like it doesn’t use it at all. - This reply was modified 8 years, 1 month ago by [scottl31](https://wordpress.org/support/users/scottl31/). * [wfalaa](https://wordpress.org/support/users/wfalaa/) * (@wfalaa) * [8 years, 1 month ago](https://wordpress.org/support/topic/openssl-version-verification/#post-10209412) * Hi [@scottl31](https://wordpress.org/support/users/scottl31/) Your website must connect successfully to Wordfence cloud servers in order to get all the plugin features running well. Using an old version of OpenSSL library might affect that, you can double check if there is something wrong in the connectivity between your server and our servers by checking (Wordfence > Tools > Diagnsotics > Connectivity). * On your server, running `openssl version` should reveal the version of OpenSSl library installed, also you can diagnose your website’s SSL configuration using [this tool](https://www.ssllabs.com/ssltest), check the “OpenSSL” part in the“ Handshake Simulation” section as in this [screenshot](https://snag.gy/IJZnX4.jpg). For more information regarding this version check please review [this doc](https://www.wordfence.com/help/advanced/system-requirements/#ssl-version). * Thanks. * Thread Starter [scottl31](https://wordpress.org/support/users/scottl31/) * (@scottl31) * [8 years, 1 month ago](https://wordpress.org/support/topic/openssl-version-verification/#post-10209759) * Yes, I did that in my first post, here it is again: * bash-3.2# openssl version OpenSSL 1.0.1l 15 Jan 2015 * bash-3.2# which openssl /usr/bin/openssl * But you guys think I am running version 0.9.8zc. If my server says 1.0.1l, where are you looking that you are getting 0.9.8zc? * Thread Starter [scottl31](https://wordpress.org/support/users/scottl31/) * (@scottl31) * [8 years, 1 month ago](https://wordpress.org/support/topic/openssl-version-verification/#post-10228265) * Any response possible? WF seems to be looking somewhere else than my server shows. * [wfalaa](https://wordpress.org/support/users/wfalaa/) * (@wfalaa) * [8 years, 1 month ago](https://wordpress.org/support/topic/openssl-version-verification/#post-10232051) * Hi [@scottl31](https://wordpress.org/support/users/scottl31/) * Since the OpenSSL and cURL command line tools don’t always match the version that PHP was built with. Please follow the link of “Click to view your system’s configuration in a new window” option under (Wordfence > Tools > Diagnostics > Other Tests), check the version of OpenSSL there. * Thanks. * Thread Starter [scottl31](https://wordpress.org/support/users/scottl31/) * (@scottl31) * [8 years, 1 month ago](https://wordpress.org/support/topic/openssl-version-verification/#post-10232262) * Yes, I already did that and reported above that it indeed says I’m running version 0.9.8zc * But as also stated above, version command shows; * bash-3.2# openssl version OpenSSL 1.0.1l 15 Jan 2015 * So do I have two different OpenSSLs on my server? If so, why can’t I tell WF to look at the 1.0.1l version? Or please tell me where WF is looking and finding 0.9.8zc so I can delete or update it. * Thanks! * Thread Starter [scottl31](https://wordpress.org/support/users/scottl31/) * (@scottl31) * [8 years ago](https://wordpress.org/support/topic/openssl-version-verification/#post-10240355) * Can you please respond to the last post? * I have gotten another warning about it being too old. * But one other thing. I have another different server from the one I’m asking about above. On that one, WF says OK and that I have “LibreSSL 2.2.7” * HOWEVER: * When I check it on command line I get: * bash-3.2# openssl version OpenSSL 0.9.8zh 14 Jan 2016 bash-3.2# which openssl/ usr/bin/openssl * and this would be a bad version. * So I need to know where WF is looking and how to change it. * [greigner](https://wordpress.org/support/users/greigner/) * (@greigner) * [8 years ago](https://wordpress.org/support/topic/openssl-version-verification/#post-10246733) * I too am having this issue on multiple sites. I don’t have any record of OpenSSL at all, but WordFence indicates that my version is out of date. I don’t have an SSL cert in place, and nothing on my hosting account indicates I’m using Open SSL. * If I scan using the recommended 3rd-party tool (Qualys SSL Labs), I get the following for all affected websites: * Assessed on: Fri, 04 May 2018 11:57:00 UTC **Assessment failed: No secure protocols supported** * According to WF diagnostics, it sees Open SSL in use: **OpenSSL 1.0.0-fips 29 Mar 2010 (0x10000003)** * Is this a false error? * [greigner](https://wordpress.org/support/users/greigner/) * (@greigner) * [8 years ago](https://wordpress.org/support/topic/openssl-version-verification/#post-10247020) * I just found from another post that updating to PHP 5.6 or higher under “Programming Languages” solves the issue I detailed above. * After the upgrade to PHP 5.6, WF diagnostices indicates: **OpenSSL 1.0.1e-fips 11 Feb 2013 (0x1000105f)**. * The alert is now gone. Hope this helps! - This reply was modified 8 years ago by [greigner](https://wordpress.org/support/users/greigner/). * Thread Starter [scottl31](https://wordpress.org/support/users/scottl31/) * (@scottl31) * [8 years ago](https://wordpress.org/support/topic/openssl-version-verification/#post-10259997) * My last two posts have not been responded to. If anybody has a chance, I’d appreciate it. Thanks! * [greigner](https://wordpress.org/support/users/greigner/) * (@greigner) * [8 years ago](https://wordpress.org/support/topic/openssl-version-verification/#post-10260067) * Scott, * These forums are sort of community driven, so a response from the developer is sometimes hard to get. Did you update your PHP to version 5.6 or higher? PHP and OpenSSL have some type of reliance on each other, so although your host’s server might support a higher version, your installed language (PHP) may not – it could be where the report is coming from. Installing PHP 5.6, 7, 7.1, or 7.2 should provide WF with the correct data. Good luck! * Thread Starter [scottl31](https://wordpress.org/support/users/scottl31/) * (@scottl31) * [8 years ago](https://wordpress.org/support/topic/openssl-version-verification/#post-10260104) * Are you saying that PHP carries along with it it’s own version of open ssl, regardless of what is installed on the server? If so, it seems confusing and just plain wrong to have two different open ssls running at once. * I can’t update PHP at the moment. I need approval from higher up, which I’m trying to get. * Isn’t there a way to update just the open ssl of the installed version of PHP( 5.5). Thanks! * [tombombadil69](https://wordpress.org/support/users/tombombadil69/) * (@tombombadil69) * [8 years ago](https://wordpress.org/support/topic/openssl-version-verification/#post-10261799) * Has there been any workaround meanwhile? * Due to several reasons, we cannot upgrade all our company servers from CentOS5 to a newer version at the moment. Besides technical and ‘lack of time’ issues, this would also involve a significant amount of money to be paid to our web hosters for moving all the servers to new hardware. We are not willing to invest time/ efforts/money, just because a WordPress plugin is not satisfied with its installation environment. * Our 3-year Wordfence subscription is running out soon (and the present installation cannot be validated due to this “error” anyways – it just won’t accept/verify our current Premium Code, as Wordfence is unable to connect ‘home’ – therefore the current installation is useless to us). So we will soon have to make a decision on how to proceed. * If there should be no workaround, I would appreciate if the community could point me to / recommend an alternative product. Thank you in advance! Viewing 15 replies - 1 through 15 (of 23 total) 1 [2](https://wordpress.org/support/topic/openssl-version-verification/page/2/?output_format=md) [→](https://wordpress.org/support/topic/openssl-version-verification/page/2/?output_format=md) The topic ‘OpenSSL Version verification?’ is closed to new replies. * ![](https://ps.w.org/wordfence/assets/icon.svg?rev=2070865) * [Wordfence Security - Firewall, Malware Scan, and Login Security](https://wordpress.org/plugins/wordfence/) * [Frequently Asked Questions](https://wordpress.org/plugins/wordfence/#faq) * [Support Threads](https://wordpress.org/support/plugin/wordfence/) * [Active Topics](https://wordpress.org/support/plugin/wordfence/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/wordfence/unresolved/) * [Reviews](https://wordpress.org/support/plugin/wordfence/reviews/) * 23 replies * 6 participants * Last reply from: [tombombadil69](https://wordpress.org/support/users/tombombadil69/) * Last activity: [8 years ago](https://wordpress.org/support/topic/openssl-version-verification/page/2/#post-10263224) * Status: not resolved