From alvaro.gasco at externos.correo.gob.es  Fri Jul 31 05:48:00 2020
From: alvaro.gasco at externos.correo.gob.es (=?UTF-8?Q?ALVARO_GASCO_FERN=c3=81NDEZ?=)
Date: Fri, 31 Jul 2020 07:48:00 +0200
Subject: [squid-core] Wrong openssl version into Squid -v info
Message-ID: <66329f72-53a5-d5c8-e3c7-6260b9436e74@externos.correo.gob.es>

Hi List!!

My name is Alvaro, from Spain, and i would like to know if you can help 
me about a problem with my new squid version.

In my company, we want to update our squid version to 4.12 because our 
actual version has a vulnerability problem. Our openssl version is 1.1.1g.

When i update squid version and want to know if the process has finished 
correctly, i run *squid -v* into and this is that i receive.

Squid Cache: Version 4.12
Service Name: squid

_*This binary uses OpenSSL 1.0.2k-fips *_ 26 Jan 2017. For legal 
restrictions on distribution see https://www.openssl.org/source/license.html
(Here is the problem, this is my old OpenSSL version)

configure options:  '--prefix=/usr' '--exec-prefix=/usr' 
'--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc' 
'--datadir=/usr/share' '--libdir=/usr/lib64' '--libexecdir=/usr/libexec' 
'--sharedstatedir=/var/lib' '--mandir=/usr/share/man' 
'--infodir=/usr/share/info' '--verbose' '--exec_prefix=/usr' 
'--libexecdir=/usr/lib64/squid' '--localstatedir=/var' 
'--datadir=/usr/share/squid' '--sysconfdir=/etc/squid' 
'--with-logdir=/var/log/squid' '--with-pidfile=/var/run/squid.pid' 
'--disable-dependency-tracking' '--enable-follow-x-forwarded-for' 
'--enable-auth' 
'--enable-auth-basic=DB,NCSA,NIS,POP3,RADIUS,SMB,getpwnam,fake' 
'--enable-auth-ntlm=fake,SMB_LM' '--enable-auth-digest=file' 
'--enable-auth-negotiate=kerberos,wrapper' 
'--enable-external-acl-helpers=file_userip,kerberos_ldap_group,SQL_session,unix_group,wbinfo_group' 
'--enable-cache-digests' '--enable-cachemgr-hostname=localhost' 
'--enable-delay-pools' '--enable-epoll' '--enable-icap-client' 
'--enable-ident-lookups' '--enable-linux-netfilter' 
'--enable-removal-policies=heap,lru' '--enable-snmp' 
'--enable-storeio=aufs,diskd,ufs,rock' '--enable-wccpv2' '--enable-esi' 
'--enable-ssl-crtd' '--enable-icmp' '--with-aio' 
'--with-default-user=squid' '--with-filedescriptors=16384' '--with-dl' 
'--with-openssl=/usr/local/ssl' '--with-pthreads' '--with-included-ltdl' 
'--disable-arch-native' '--enable-ecap' '--without-nettle' 
'build_alias=x86_64-redhat-linux-gnu' 
'host_alias=x86_64-redhat-linux-gnu' 'CFLAGS=-O2' 
'PKG_CONFIG_PATH=:/usr/lib64/pkgconfig:/usr/share/pkgconfig' 
'–enable-ltdl-convenience' 
'LIBOPENSSL_CFLAGS=-I/opt/openssl/include/openssl' 
'target_alias=–enable-ltdl-convenience' --enable-ltdl-convenience


My openssl version is.

*openssl version -a*
OpenSSL 1.1.1g  21 Apr 2020
built on: Thu Jul  9 12:28:11 2020 UTC
platform: linux-x86_64
options:  bn(64,64) rc4(16x,int) des(int) idea(int) blowfish(ptr)
compiler: gcc -fPIC -pthread -m64 -Wa,--noexecstack -Wall -O3 
-DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ 
-DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 
-DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM 
-DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM 
-DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM -DNDEBUG
OPENSSLDIR: "/usr/local/ssl"
ENGINESDIR: "/opt/openssl/lib/engines-1.1"

I have CentOS 7.

If you need more info ill send you ASAP.

Regards


-- 
Álvaro Javier Gasco Fernández
Sistemas Correo
Secretaría General de Administración Digital
C/ Manuel Cortina 2, 2ª Planta

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-core/attachments/20200731/3aed1805/attachment.htm>

From squid3 at treenet.co.nz  Fri Jul 31 11:58:43 2020
From: squid3 at treenet.co.nz (Amos Jeffries)
Date: Fri, 31 Jul 2020 23:58:43 +1200
Subject: [squid-core] Wrong openssl version into Squid -v info
In-Reply-To: <66329f72-53a5-d5c8-e3c7-6260b9436e74@externos.correo.gob.es>
References: <66329f72-53a5-d5c8-e3c7-6260b9436e74@externos.correo.gob.es>
Message-ID: <c474c961-a4df-4d53-5fde-4ca826aeccc9@treenet.co.nz>

Please use the squid-users mailing list for help using Squid.


On 31/07/20 5:48 pm, ALVARO GASCO FERNÁNDEZ wrote:
> Hi List!!
> 
> My name is Alvaro, from Spain, and i would like to know if you can help
> me about a problem with my new squid version.
> 
> In my company, we want to update our squid version to 4.12 because our
> actual version has a vulnerability problem. Our openssl version is 1.1.1g.
> 
> When i update squid version and want to know if the process has finished
> correctly, i run *squid -v* into and this is that i receive.
> 
> Squid Cache: Version 4.12
> Service Name: squid
> 
> _*This binary uses OpenSSL 1.0.2k-fips *_ 26 Jan 2017. For legal


This message is printed by the library Squid actually loaded on the
machine it runs.

Check that the 1.1 library is available as the default library on the
machine, in the location Squid has been built to expect it. Given the
old one was a FIPS build there may be OpenSSL config causing a FIPS
library to load as preferred.


Amos