3 Replies Latest reply on Aug 25, 2014 7:05 AM by jpolefko

    Filemaker 13 server using openssl 0.9.8y




           Hi - I have a Mountain Lion server with FMP Server 13 installed. Apparently it is using openssl 0.9.8y, even though I have applied the updates (up to ver 3) and I updated openssl on the Mac OS to 0.9.8zb. The ver3 update is supposed to include a secure version of openssl - any ideas or suggestions are appreciated. I need to fix this and I am currently out of ideas.

        • 1. Re: Filemaker 13 server using openssl 0.9.8y

               It sounds like the update to 13.v3 was not successful.

               FileMaker Server 13.0v3 updates the OpenSSL library to OpenSSL 1.0.1h.

               When you launch the FMS 13 start page, what version is indicated? Is it 13v3?

               My Server has 1.0.1h installed.

               Are you aware that the fmsadmin process needs to be turned off prior to updating?

               If you are currently at 13v1, you might try updating to 13v2 first and then go straight to 13v4.

               I hope this helps.


          • 2. Re: Filemaker 13 server using openssl 0.9.8y

                 "openssl version" will give you OS X's OpenSSL installed version, which should be 0.9.8y and is not vulnerable to the Heartbleed exploit.

                 The file here:

                 /Library/FileMaker Server/Database Server/Frameworks/OpenSSL.framework/Versions/Current/Resources/Info.plist

                 will give you FileMaker Server's OpenSSL version, which is 1.0.1h on the 13v4 install I just looked at.  This is also not vulnerable to Heartbleed.

                 - John

            • 3. Re: Filemaker 13 server using openssl 0.9.8y

                   Thank you for replying. The Mac OS version is 0.9.8zb - which is safe. Be advised that openssl 0.9.8y is vulnerable to other problems: http://www.tenable.com/plugins/index.php?view=single&id=77086 The reason I am dealing with this is because our vulnerability scanner flagged it.

                   I followed the directions exactly for the updates, and I even removed FMS 13 and reinstalled with the same results.  I also installed on a clean install of Mavericks and patched the OS and FMS up, and the website banner still reports 0.9.8y.  

                   Checking /Library/FileMaker Server/Database Server/Frameworks/OpenSSL.framework/Versions/Current/Resources/Info.plist indicates 1.0.1h is in use by FMS - thank you for that, John.

                   This makes no sense - why is the website banner indicating 0.9.8y?
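
An added example, not part of the thread: the three version sources discussed above (the `openssl version` output, the FileMaker Server `Info.plist`, and the website banner) compared side by side, with OpenSSL's letter-suffix ordering (0.9.8y < 0.9.8zb) and the Heartbleed range (1.0.1 through 1.0.1f) checked per source. The sample strings are constructed, and the plist key names are an assumption, since the thread does not say which key holds the version.

```python
import plistlib
import re

# "OpenSSL 0.9.8zb 6 Aug 2014" (CLI) or "... OpenSSL/0.9.8y" (HTTP Server banner)
_TAGGED = re.compile(r"OpenSSL[/ ](\d+)\.(\d+)\.(\d+)([a-z]*)")
# A bare version string such as "1.0.1h" (e.g. a plist value)
_BARE = re.compile(r"\s*(\d+)\.(\d+)\.(\d+)([a-z]*)\s*")

def version_key(text):
    """Sortable key for the OpenSSL version in a banner, CLI line or bare string."""
    m = _TAGGED.search(text) or _BARE.fullmatch(text)
    if m is None:
        return None
    major, minor, fix, letters = m.groups()
    # Letter suffixes order as '' < a..z < za < zb: compare by length, then text.
    return (int(major), int(minor), int(fix), len(letters), letters)

def heartbleed_affected(key):
    """Heartbleed affects the 1.0.1 release line from 1.0.1 through 1.0.1f."""
    return key is not None and version_key("1.0.1") <= key <= version_key("1.0.1f")

def version_from_plist(raw):
    """Assumption: the version sits under a standard bundle version key."""
    info = plistlib.loads(raw)
    return info.get("CFBundleShortVersionString") or info.get("CFBundleVersion", "")

# Constructed sample inputs mirroring the versions reported in the thread.
SAMPLE_PLIST = plistlib.dumps({"CFBundleShortVersionString": "1.0.1h"})
SAMPLE_SOURCES = {
    "os_cli": "OpenSSL 0.9.8zb 6 Aug 2014",
    "fms_plist": version_from_plist(SAMPLE_PLIST),
    "web_banner": "Apache/2.2.26 (Unix) mod_ssl/2.2.26 OpenSSL/0.9.8y",
}

def compare_sources(sources):
    """Report Heartbleed exposure per source and whether the sources agree."""
    keys = {name: version_key(text) for name, text in sources.items()}
    return {
        "heartbleed": {n: heartbleed_affected(k) for n, k in keys.items()},
        "oldest": min((k, n) for n, k in keys.items() if k)[1],
        "all_agree": len(set(keys.values())) == 1,
    }

if __name__ == "__main__":
    print(compare_sources(SAMPLE_SOURCES))
```

Each source is evaluated on its own, so a mismatch like the one in the thread shows up as `all_agree: False` with the oldest reporter named.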