# openssl stuck at version 0.9.8q



## jacs (Jan 17, 2012)

Why is openssl stuck at openssl-0.9.8q in the core of FreeBSD 8.2 and 9.0? There are a number of security issues with 0.9.8q addressed in 0.9.8r and now 0.9.8s, yet these have not made it into the stable releases.

Thanks

Chris


----------



## SirDice (Jan 17, 2012)

As far as I know those issues have been patched in the supplied openssl.

You can always install security/openssl.


----------



## jacs (Jan 17, 2012)

Thanks for the reply. If the source tree has been patched then the version number has not been bumped up. 


```
CMD>openssl version

OpenSSL 0.9.8q 2 Dec 2010
```
Regarding http://www.freshports.org/security/openssl: I am not keen on having two different versions of openssl installed on the same machine, and I understand from postings on the net that there are compatibility issues with the 1.0.0 branch.

I have to sort it though as our server gives a PCI compliance failure over this issue.


----------



## SirDice (Jan 18, 2012)

jacs said:

> I have to sort it though as our server gives a PCI compliance failure over this issue.


That means it uses a rather 'dumb' way of checking. Apparently it only looks at the version strings and not at the specific vulnerabilities.

If I'm not mistaken Red Hat does the same thing on their systems. They backport the security fix and don't update the version numbers.


----------
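The difference between the two checks discussed in this thread, as an added example that is not part of the original posts: a version-string check flags the `0.9.8q` banner, while a patch-level check compares the installed release string with the release an advisory lists as corrected. The function names, the patch levels and the "corrected in" values are constructed for illustration; the installed string is assumed to be the release string the host reports (for example from `uname -r`).

```shell
#!/bin/sh
# Added example. All release strings and patch levels below are constructed.

# patch_level "8.2-RELEASE-p6" -> 6, "9.0-RELEASE" -> 0
patch_level() {
    case "$1" in
        *-p[0-9]*) echo "${1##*-p}" ;;
        *)         echo 0 ;;
    esac
}

# release_branch "8.2-RELEASE-p6" -> "8.2-RELEASE"
release_branch() {
    case "$1" in
        *-p[0-9]*) echo "${1%-p*}" ;;
        *)         echo "$1" ;;
    esac
}

# banner_status BANNER FIXED_UPSTREAM
# What a scanner that only reads the version string concludes.
banner_status() {
    ver=$(echo "$1" | awk '{print $2}')
    # Letter-suffixed releases of one branch (0.9.8q, 0.9.8s) sort lexically.
    if expr "$ver" \< "$2" >/dev/null; then echo flagged; else echo ok; fi
}

# fix_status INSTALLED CORRECTED_IN...
# Compares the vendor patch level instead of the upstream version string.
fix_status() {
    installed=$1; shift
    for corrected in "$@"; do
        if [ "$(release_branch "$installed")" = "$(release_branch "$corrected")" ]; then
            if [ "$(patch_level "$installed")" -ge "$(patch_level "$corrected")" ]; then
                echo patched
            else
                echo vulnerable
            fi
            return 0
        fi
    done
    echo unknown   # advisory does not list this branch: check by hand
}

# Same host, two answers (constructed inputs):
echo "banner check: $(banner_status 'OpenSSL 0.9.8q 2 Dec 2010' 0.9.8s)"
echo "patch level:  $(fix_status 8.2-RELEASE-p6 8.2-RELEASE-p5 9.0-RELEASE-p1)"
```

An `unknown` result means the advisory lists no fix for the installed branch, so the banner finding cannot be dismissed on patch level alone.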

