Upgrade OpenSSL to 3.3.4

SYSTEM INFORMATION
OS type and version: Ubuntu 20.04.6
Webmin version: Webmin 2.303

Hello,

A long time since my last question on this forum, and this reveals how smoothly everything has been running, thank you very much.

Now, I am trying to renew our PCI compliance with SecurityMetrics, and I am having a bit of a hard time.

I have solved many issues, and had to submit several false positives, and now there is just one thing pending that I can’t figure out how to solve.

They are complaining of my OpenSSL version on my server.

The exact error they are giving is this:

The version of OpenSSL that I have installed on my server is 1.1.1.g, as can be seen here:

I contacted them, telling them that this should be a false positive, but they say that the OpenSSL vulnerability arises because all OpenSSL editions of 1.1.1 and below have reached their end of life, and that it is recommended to update to an OpenSSL version which is currently receiving security updates, or provide verification that your OpenSSL is receiving extended support from a reputable source.

They recommend updating to 3.4.1, which I did, but I am afraid that caused some problems, because Webmin continued using the old version, and when I uninstalled the OpenSSL version registered in Webmin I ended up having to recover from a backup.

My question is whether it would be possible to upgrade OpenSSL to 3.4 without breaking Webmin.

Also, I am unsure whether Webmin Server is using some older version of OpenSSL, hence the security warning in the scan results.

As always, many thanks and kind regards from Spain,

Alb

Hello,

I’d say it would be harder and messier than moving away from Ubuntu 20.04, which reaches the end of standard support in April 2025, and switching to Ubuntu 24.04.


Webmin would be the absolute least of your worries if you tried to upgrade OpenSSL. OpenSSL touches everything network on the system, and if you replace it with a newer major version for all of your services, it would be the biggest project you’ve ever embarked on, and you would probably fail (I would probably fail, and I’ve been doing stuff like that for decades).

Please just upgrade your OS to a modern version. EOL for Ubuntu 20.04 is weeks away.

But, also, your scanner people don’t seem to understand the lifecycle of Ubuntu LTS. The Ubuntu folks maintain, including security patches, everything in the distribution. You can check the change log in the package to see all the CVEs that have been patched in the package on your system. It’s probably all the serious ones. But, really just upgrade your OS.

So, to sum up:

  1. Webmin is the least of your problems. It’s just using the system OpenSSL libraries, but everything else is, too.
  2. Your OS is about to reach EOL. You should be planning an urgent migration or upgrade to a newer version already, regardless of this.
  3. Your scanner people are probably wrong about the state of the version of OpenSSL on your system. Ubuntu 20.04 LTS is still maintained, including OpenSSL. But, it’s only maintained for a few more weeks.
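
The reply above says the package changelog lists the CVEs patched in the distribution's OpenSSL build. As an added example (not part of the thread, and not Ubuntu's own tooling), this script extracts them per package version; the sample changelog, its version strings and the `CVE-0000-…` ids are constructed placeholders, and `/usr/share/doc/openssl/changelog.Debian.gz` is assumed as the usual Debian/Ubuntu changelog location.

```shell
#!/bin/sh
# Added example: CVE ids per package version from a Debian-format changelog.

# Reads changelog text on stdin; prints "version<TAB>CVE-id" pairs,
# de-duplicated, in changelog order (newest entry first).
cves_by_version() {
    awk '
        # Entry header: "package (version) distribution; urgency=..."
        /^[a-z0-9][a-z0-9+.-]* \(/ {
            ver = $2
            gsub(/[()]/, "", ver)
            next
        }
        ver != "" {
            line = $0
            # One line can name several CVEs, so scan it repeatedly.
            while (match(line, /CVE-[0-9][0-9][0-9][0-9]-[0-9][0-9][0-9][0-9]+/)) {
                id = substr(line, RSTART, RLENGTH)
                if (!seen[ver, id]++) printf "%s\t%s\n", ver, id
                line = substr(line, RSTART + RLENGTH)
            }
        }
    '
}

# Constructed sample: versions, maintainer and CVE ids are placeholders.
sample_changelog() {
    cat <<'EOF'
openssl (0.0.0-1example2.3) focal-security; urgency=medium

  * SECURITY UPDATE: constructed entry
    - debian/patches/CVE-0000-0003.patch: constructed fix
    - CVE-0000-0003

 -- Example Maintainer <maintainer@example.com>  Thu, 01 Jan 1970 00:00:00 +0000

openssl (0.0.0-1example2.2) focal-security; urgency=medium

  * SECURITY UPDATE: constructed entry
    - debian/patches/CVE-0000-0001.patch: constructed fix
    - CVE-0000-0001, CVE-0000-0002

 -- Example Maintainer <maintainer@example.com>  Thu, 01 Jan 1970 00:00:00 +0000
EOF
}

# With a file argument (e.g. the assumed changelog path) parse it; else run the sample.
if [ "$#" -gt 0 ]; then zcat -f -- "$1" | cves_by_version; else sample_changelog | cves_by_version; fi
```

The changelog shipped with the installed package may be truncated to recent entries; `apt-get changelog openssl | cves_by_version` (after sourcing the function) reads the full one over the network. The resulting version-to-CVE list is the kind of evidence a scanner vendor can be given when disputing a version-string finding.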

@Joe and @Ilia, many thanks for your replies.

It seems that the OS upgrade that I have been delaying for months is getting closer.

Totally agree with what you say about the scanner people, Joe.

Many thanks and kind regards from Spain,
