Upgrading OpenSSL on a CPanel / WHM Server – Basic How to guide

CPanel regularly lags behind the latest versions of some of its software components. For me in particular, this delay in upgrading OpenSSL was causing security issues for a customer’s dedicated server. CPanel’s security manager was a) advising us that the build we were using was hack free (not the case) and b) indicating that the latest revision of OpenSSL was a version that was more than two revisions previous to the current OpenSSL release on www.openssl.org.

So I decided to manually upgrade the version of OpenSSL on the server (not a fun thing to take on, not being a Linux buff) and with a little help from Google I managed to get it done on a server running CentOS 5, Apache 2.0, PHP 5.2.5, MySQL, mod_ssl 2.0.61, etc.

1) Establish a console session as root

2) Check the version of OpenSSL currently running by running:

openssl version

Which will return something along the lines of “OpenSSL 0.9.7a 1 Jan 2003”, except with the build info for the version you’re currently running.

3) Run the following commands to install OpenSSL (in our case 0.9.8g) on the server:

mkdir /root/setup && cd /root/setup
wget http://www.openssl.org/source/openssl-0.9.8g.tar.gz
tar -xvzf openssl-0.9.8g.tar.gz
cd openssl-0.9.8g
./config
make
make install

Note: Make sure you allow each command to finish gracefully before running the next.

4) Run the following command to verify the installation was successful:

openssl version

This should return the build information for the build you just installed :P

5) Run the following commands to ensure the include files are in the correct place(s):

cd /root/setup/openssl-0.9.8g
cd include/openssl
cp * /usr/include
cp * /usr/local/ssl/include
cp * /usr/local/ssl/include/openssl

6) Run the following commands to ensure the lib files are in the correct place(s):

cd /root/setup/openssl-0.9.8g
cp lib* /usr/local/ssl/lib/
cp lib* /usr/lib/
ldconfig

7) You will need to ‘freeze’ the version of OpenSSL you’re running so WHM doesn’t write over it while compiling Apache. This requires you to exclude it from the yum updates, by altering /etc/yum.conf. The first line of which will read something along the lines of:

exclude=mod_ssl* httpd* perl mysql* php* spamassassin* kernel* exim* courier* apache*

You need to add OpenSSL to this, which should get it to end up looking more like this:

exclude=mod_ssl* httpd* perl mysql* php* spamassassin* kernel* exim* courier* apache* openssl*

Note: You could alter this back, but at some point WHM will be bound to overwrite your new copy of OpenSSL with an older version.

8) Rebuild Apache in the normal manner (you can use Easy Apache in WHM or do it manually) using the ‘Apache Update’ link in WHM.

9) You should be good to go!
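
The check in step 4 only reports whichever openssl comes first on PATH, and ./config run without a prefix installs under /usr/local/ssl (the directory steps 5 and 6 copy into), so depending on PATH an older binary can still be the one that answers. The script below is an added example, not part of the original guide: it lists every openssl binary on the search path with the version it reports, and checks that the first one is the expected build. The function names are hypothetical.

```bash
# Added example (not from the original guide).

# list_openssl_builds [DIRS]
#   DIRS is a colon-separated directory list (defaults to $PATH).
#   Prints one "path<TAB>version" line per openssl executable found, in
#   search order, so the first line is the binary the shell actually runs.
list_openssl_builds() {
    local dirs="${1:-$PATH}" dir bin ver
    local IFS=':'
    for dir in $dirs; do
        [ -n "$dir" ] || dir="."      # an empty PATH entry means the current directory
        bin="$dir/openssl"
        [ -x "$bin" ] && [ ! -d "$bin" ] || continue
        ver=$("$bin" version 2>/dev/null) || ver="(failed to run)"
        printf '%s\t%s\n' "$bin" "$ver"
    done
    return 0
}

# check_active_openssl EXPECTED [DIRS]
#   Succeeds only if the first openssl on the search path reports EXPECTED
#   (for this guide, 0.9.8g). Fails when an older build shadows the new one
#   or when no openssl is found at all.
check_active_openssl() {
    local expected="$1" first
    first=$(list_openssl_builds "${2:-$PATH}" | head -n 1)
    case "$first" in
        *"OpenSSL $expected "*) return 0 ;;
        *) return 1 ;;
    esac
}

# Show what this machine would run, then test against the guide's version.
list_openssl_builds
if check_active_openssl "0.9.8g"; then
    echo "active openssl is 0.9.8g"
else
    echo "active openssl is NOT 0.9.8g; check PATH order and leftover binaries"
fi
```

If more than one line is printed, the first line is the build a plain `openssl version` describes; the others are still on disk and may be what other software was linked against.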

Credits to the following sites & authors for providing me with the original info, allowing me to piece together this mini guide:

Linux Setup Notes – T.J.Nelson
http://brneurosci.org/linuxsetup54.html

Lunarpages
http://www.lunarforums.com/lunarpages_cpanel_whm/upgrading_openssl_on_a_cpanel_server-t35011.0.html
