How to determine OpenSSL version in Solaris 10

Finding your OpenSSL (Open Source Secure Sockets Layer) version in Solaris 10 Unix:

sunbox# /usr/sfw/bin/openssl version

OpenSSL 0.9.7d 17 Mar 2004 (+ security patches to 2006-09-29)

The current stable release is OpenSSL 1.0.1c.

Don’t forget the space between the command path and “version”!

Update 9 April 2014: This post has received a lot of attention recently due to the OpenSSL heartbleed vulnerability (CVE-2014-0160). This OpenSSL vulnerability did not affect OpenSSL versions prior to 1.0.1, so if you are running the older versions packaged with Solaris, you might be OK. The heartbleed vulnerability is reportedly fixed in OpenSSL version 1.0.1g and affected in versions 1.0.1f, 1.0.1e, 1.0.1d, 1.0.1c, 1.0.1b, 1.0.1a and 1.0.1. But you better check and keep patching before your heart bleeds out!  The site Unixpackages.com now has an updated Solaris package for version 1.0.1g of OpenSSL.

Update April 18, 2014: And now Oracle finally releases an official patch for Solaris. I received an email at 2 pm Pacific time with their security alert:

http://www.oracle.com/technetwork/topics/security/alert-cve-2014-0160-2190703.html 

Seems a little late in the game for Oracle but there’s the update. Happy patching!

Oracle released another updated OpenSSL patch for Solaris 10 on June 13, 2014.

Here’s the readme file for patch 148071-13.

And another update to the ongoing OpenSSL patch saga:

February 2015:  OpenSSL packages 1.0.1j for Solaris 8-11 on SPARC and Solaris 10-11 on x86 have been updated to version 1.0.2. available from UnixPackages.com. Check out the OpenSSL patch changelog here.

Heartbleed.svg