On Thu May 12 2011, Argyris Ps wrote: > > Hi all, > > > I have run a vulnerability scanning against some systems and some > vulnerabilities have come up related with OpenSSL. However, some of them have > not 443 port open or have nothing but a single file named as openSSL inside > some other's application folder. I asked about the operation of that > application and whether it uses openSSL somehow. It does not. Not to mention > that OpenSSL does not appear among the tasks or services running. > > > Sometimes, I find OpenSSH being used but not OpenSSL. Does that use any > OpenSSL libraries? >
OpenSSH can be built against the OpenSSL (or other) libraries. So it is possible that is why your seeing OpenSSL use, check your build of OpenSSH to see how it was created. Although many applications build against the OpenSSL libraries, so the OpenSSH that you see may not be the only reason you see the OpenSSL usage. Mike > > I am trying to understand how my vulnerability scanner detects OpenSSL in > cases like the ones I described above... > > > Is there any way to check whether OpenSSL is being used by a system (eg. > Windows server)? > > > > > I would appreciate anyone's help with this as I am not experienced with > OpenSSL. > > > > > Thank you. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
