Hello, We are using mac Leopard OS. We have rolled our own Apache(2.2.16) separate from the default install. We have also rolled our own OpenSSL to the latest version. However when we compile Apache and enable mod_ssl it still uses the old OpenSSL version. We can see it in our http headers:
Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7l When typing "openssl version" from my account and the root account I get: OpenSSL 1.0.0a 1 Jun 2010 I've seen this in some apache configs: --enable-ssl --with-ssl=/usr/local/ssl I've tried the above with no success. According to the output I get when configuring/making/installing apache it is finding openssl at the above directory. The problem is though that the http header stays the same. The problem is we can't upgrade the default openssl version on the OS without apple providing the update. The outdated version is tripping our security scans. Like I said we rolled our owned updated version but cannot get apache/mod_ssl to use it. Any help is appreciated. Thanks, Gunner Geller