OpenSSL 1.0.2k and XAMPP

There is a vulnerability discovered for OpenSSL recently. If you are using 1.0.2 version, it’s recommended to upgrade to 1.0.2k. We have a system running XAMPP which is affected by this. Unfortunately, the latest version of XAMPP does not include the 1.0.2k of OpenSSL.

You can just update the OpenSSL version though. Here are the steps:

  1. Download the 1.0.2k zip file from this site.
    https://indy.fulgan.com/SSL/
  2. Extract the files.
  3. Stop the Apache service.
  4. Make a backup of these 3 files in C:\xampp\apache\bin
    ssleay32.dll
    libeay32.dll
    openssl.exe
  5. Copy the same 3 files from the extract files location to C:\xampp\apache\bin
  6. Start the Apache service.