False cURL SSL Version warning?

In my Status>Server settings I see a warning for the cURL SSL Version because the detected version is OpenSSL/1.0.2u.

But my site is running OpenSSL/1.2 / 1.3 and 1.0 and 1.1 are disabled.

This seems to be a false warnig?

Here is the exact code used to get that number - As you can see it’s utilizing the PHP curl_version(); method built into PHP. This is coming directly from your sever. Therefore, for some reason, the specific version of PHP that you are running is giving you that number.

What does a simple phpinfo(); show you?

https://www.php.net/manual/en/function.curl-version.php


I don’t get it. I looked in the Diagnostics Tools in Wordfence and see these 2 different values:

Checking OpenSSL version = OpenSSL 1.1.0l 10 Sep 2019
cURL SSL Version = OpenSSL/1.0.2u

Are these 2 different things?

I also spoke with Cloudways support and they say I can savely ignore the MainWP status warning?

You are (probably) looking at 2 different servers/hosting environments here. Unless MainWP is installed on the same instance.

@Alwin It’s a false positive due to the way Cloudways has there side setup - we will have to look into why that is.
If that’s what they said and there is no actually issue with the functionality then I would ignore it.

Cloudways docs also state that those are the versions installed:

openssl (library version 1.1.1i | header version 1.1.1i)

In short - Yes, they are two different things.

openSSL is a Cryptography Library installed on linux responsible for handling secure communication by issuing & checking cryptographic keys

The OpenSSL Project develops and maintains the OpenSSL software - a robust, commercial-grade, full-featured toolkit for general-purpose cryptography and secure communication.

cURLSSL is a tool built into cURL another Linux application that is used for communication over HTTPS protocol.

I have same exact issue on Cloudways

Hows this going to be fixed???

Apologies, this was missed but the warning tells you how it needs to be fixed and even the minimum version you should use.

Do you have other questions not explained?

1 Like

This is CLOUDWAYS response to updating:
2

Whats wrong with them, I’m sure you’ve seen this before, whats the fix ?

You’ve tried CLOUDWAYS before haven’t you ???

The fix is for this is to install the correct version which has been mentioned above. This is a hosting issue not a MainWP issue.

Have you guys had this issue b4 on Cloudways and if so what did you do about it ?

Reason I ask is because they are telling me they cant update it

@jaso That’s probably because Cloudways manages the server “Hardware” and you are responsible for the Linux OS that’s install on top of there platform.

Your issue is that’s the OpenSSL library is actually out of date. This thread is about a FALSE Positive when it’s
NOT out of date…

CW is talking out their asses… Try launching an SSH Terminal to your server and update it.
StackPath

How to update OpenSSL via terminal:
https://docs.rackspace.com/support/how-to/update-openssl-on-ubuntu/

@kwcjr thank you, I have now ripped into them with guns blazing & bullets bouncing.

Cheers

1 Like

@jaso Their CS probably don’t know any better & used canned responses to speed up answering tickets - until you escalate your tickets to the right department you probably aren’t going to get anyone that knows wtf they are talking about. Shame really.

1 Like