Nonsensical SSL Notification

  • Resolved gohanman

    (@gohanman)


    6 years, 7 months ago

    On upgrading to 7.1.3, Wordfence sent me this odd notification via email.

    Your site is using an OpenSSL version (1.0.1) that is no longer supported by Wordfence and needs to be updated. We recommend using the newest version of OpenSSL but will currently support OpenSSL versions as old as 1.0.1. Version checks are run regularly, so if you have successfully updated, you can dismiss this notice or check that the update has taken effect later.

    This seems to be saying that Wordfence does not support OpenSSL 1.0.1 and also that the minimum OpenSSL version Wordfence supports is 1.0.1. What is the actual minimum supported version?

Viewing 3 replies - 1 through 3 (of 3 total)

  • Hi @gohanman,

    Thank you for bringing this up.

    Our developers are aware of this issue and a fix will be implemented in the upcoming version (7.1.4).

    Wordfence does support OpenSSL 1.0.1; you can find more information in our documentation.

    Thread Starter gohanman

    (@gohanman)

    FWIW, I did look at the documentation before posting. What’s distinctly not helpful about the documentation is that it also does not say which version of OpenSSL is supported. Saying “more than 5 years old” is way more ambiguous than listing a minimum version number. Also, OpenSSL 1.0.1 was released a bit over 6 years ago.

    Hi @gohanman,

    That “5 years old” statement was more of a general recommendation. Sorry if it caused some confusion.

    In case you still see/receive that alert after the next Wordfence update or if your host is having trouble connecting to our servers, please let us know and we’ll be happy to further assist you.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Nonsensical SSL Notification’ is closed to new replies.

Tags