It sounds like the update to 13.v3 was not successful.
- FileMaker Server 13.0v3 updates the OpenSSL library to OpenSSL 1.0.1h.
- When you launch FMS 13 start page, what version is indicated? is it 13v3?
- My Server has 1.0.1h installed.
- Are you aware that the fmsadmin process needs to be turned off prior to updating?
- If you are currently at 13v1, you might try updating to 13v2 first and then go straight to 13v4
I hope this helps.
"openssl version" will give you OS X's OpenSSL installed version, which should be 0.9.8y and is not vulnerable to the Heartbleed exploit.
The file here:
/Library/FileMaker Server/Database Server/Frameworks/OpenSSL.framework/Versions/Current/Resources/Info.plist
will give you FileMaker Server's OpenSSL version, which is 1.0.1h on the 13v4 install I just looked at. This is also not vulnerable to Heartbleed.
Thank you for replying. The Mac OS version is 0.9.8zb - which is safe. Be advised that openssl 0.9.8y is vulnerable to other problems http://www.tenable.com/plugins/index.php?view=single&id=77086 . The reason I am dealing with this is because our vulnerability scanner flagged it.
I followed the directions exactly for the updates, and I even removed FMS 13 and reinstalled with the same results. I also installed on a clean install of Mavericks and patched the OS and FMS up, and the website banner still reports 0.9.8y.
Checking /Library/FileMaker Server/Database Server/Frameworks/OpenSSL.framework/Versions/Current/Resources/Info.plist indicates 1.0.1h is in use by FMS - thank you for that John
This makes no sense - why is the website banner indicating 0.9.8y?