Hello Jane,

Your case is not related to Windows for Business or Windows 365 Enterprise. What you are dealing with is an application dependency issue around OpenSSL versions on Windows. Winget installs the latest OpenSSL binaries into a system path, but applications do not automatically switch to using them. Each program either links statically to its own bundled OpenSSL libraries or dynamically loads them from a specific path. That means even if you have the newest OpenSSL installed globally, older applications may still be calling their embedded or outdated DLLs.

To verify which version is actually being used, you need to inspect the binaries that the application loads. On Windows, the most reliable way is to use Process Explorer from Sysinternals. Launch the application, open Process Explorer, and check the loaded modules under the process. If you see libssl-1_1.dll or libcrypto-1_1.dll, note the file path. That path tells you whether the program is using the system-installed OpenSSL or its own copy. You can also run openssl version from the command line to confirm the version of the OpenSSL binary you installed via Winget, but that only confirms the global installation, not what each application is consuming.

There is no single command line that forces all applications to use the new OpenSSL. Each application must either be updated by its vendor to link against the newer libraries, or you must replace the older DLLs in the application’s directory with the updated ones though this is risky and not recommended unless the vendor explicitly supports it. The best practice is to update the applications themselves to versions that are compiled against the latest OpenSSL.

I hope you've found something useful here. If it helps you get more insight into the issue, it's appreciated to accept the answer. Should you have more questions, feel free to leave a message. Have a nice day!

Domic Vo.

Answer from Domic Vo on learn.microsoft.com
🌐
SSL Dragon
ssldragon.com › home › tutorials › openssl tutorials › how to check the openssl version on linux, windows, and mac?
How to Check the OpenSSL Version on Linux, Windows, and Mac? - SSL Dragon
2 weeks ago - OpenSSL is pre-installed on most Linux distributions and on macOS, while on Windows you usually install it yourself. Open the terminal: press Ctrl + Alt + T, or search for “Terminal” in your applications menu. ... The output shows the installed ...
Top answer
1 of 2
1

Hello Jane,

Your case is not related to Windows for Business or Windows 365 Enterprise. What you are dealing with is an application dependency issue around OpenSSL versions on Windows. Winget installs the latest OpenSSL binaries into a system path, but applications do not automatically switch to using them. Each program either links statically to its own bundled OpenSSL libraries or dynamically loads them from a specific path. That means even if you have the newest OpenSSL installed globally, older applications may still be calling their embedded or outdated DLLs.

To verify which version is actually being used, you need to inspect the binaries that the application loads. On Windows, the most reliable way is to use Process Explorer from Sysinternals. Launch the application, open Process Explorer, and check the loaded modules under the process. If you see libssl-1_1.dll or libcrypto-1_1.dll, note the file path. That path tells you whether the program is using the system-installed OpenSSL or its own copy. You can also run openssl version from the command line to confirm the version of the OpenSSL binary you installed via Winget, but that only confirms the global installation, not what each application is consuming.

There is no single command line that forces all applications to use the new OpenSSL. Each application must either be updated by its vendor to link against the newer libraries, or you must replace the older DLLs in the application’s directory with the updated ones though this is risky and not recommended unless the vendor explicitly supports it. The best practice is to update the applications themselves to versions that are compiled against the latest OpenSSL.

I hope you've found something useful here. If it helps you get more insight into the issue, it's appreciated to accept the answer. Should you have more questions, feel free to leave a message. Have a nice day!

Domic Vo.

2 of 2
0

To ensure that your applications are using the new version of OpenSSL after updating, you can follow these steps:

  1. Check OpenSSL Version: You can verify the installed version of OpenSSL by running the following command in your command line:
       openssl version
    
    This command will display the version of OpenSSL currently in use.
  2. Verify Application Dependencies: For applications that depend on OpenSSL, you may need to check their documentation or use specific commands to see which version of OpenSSL they are linked against. This can vary by application, but many applications will have a command-line option to display version information.
  3. Check for Multiple Versions: If you suspect that multiple versions of OpenSSL are installed, you can check the paths of the OpenSSL binaries in your system. Use the following command to find all instances of OpenSSL:
       where openssl
    
    This will show you the locations of the OpenSSL executables, and you can verify if the correct version is being used.
  4. Update Environment Variables: Ensure that your system's PATH environment variable points to the directory of the new OpenSSL installation. This can help ensure that applications use the correct version.
  5. Testing Applications: After updating, test your applications to ensure they function correctly. If they fail or report issues related to OpenSSL, they may still be referencing an older version.

By following these steps, you can confirm that your applications are using the updated version of OpenSSL and mitigate any vulnerabilities associated with older versions.

Discussions

How do I find old versions of OpenSSL across my company?
Since OpenSSL is treated as more of a library/resource it is compiled with some programs The majority of applications will bundle it as a dynamic library -- .dll on Win32, .so on Linux and BSD, .dylib on macOS. Are you sure MS Defender won't give you the pathnames of these files? More on reddit.com
🌐 r/sysadmin
5
3
October 19, 2023
c - How to know the version of OpenSSL my peer is using? - Stack Overflow
I have a C application. I want to distinguish my senders based on the openssl version they are using from my recevier. I have one with openssl 1.0.2 and the other with openssl 3.0.5. Is there anywa... More on stackoverflow.com
🌐 stackoverflow.com
c++ - How to determine version of openssl library? - Stack Overflow
I have a pre-built OpenSSL library (libssl.a and libcrypto.a) which are being used for my C++ application. I don't know the version of the OpenSSL library. Is there any way to get the version number More on stackoverflow.com
🌐 stackoverflow.com
ssl - How to install OpenSSL in Windows 10? - Stack Overflow
Cygwin also allows you to easily update the versions as needed when vulnerabilities are fixed. Please update your version of OpenSSL often! Open a Windows Command prompt and check to see if you have OpenSSL installed by entering: openssl version More on stackoverflow.com
🌐 stackoverflow.com
People also ask

How is AutoInstall SSL™ different from Let’s Encrypt or Certbot?
The key differences are warranty coverage (up to $500,000), a CA-issued site seal, 24/7 support, and a managed agent that requires no ongoing maintenance. The full side-by-side breakdown is in the comparison section above. SSL Dragon’s ACME SSL Certificates page covers the alternative protocol-based approach.
🌐
ssldragon.com
ssldragon.com › home › tutorials › openssl tutorials › how to check the openssl version on linux, windows, and mac?
How to Check the OpenSSL Version on Linux, Windows, and Mac? - ...
Which SSL certificates are compatible?
The tool supports single-domain and wildcard DV certificates from RapidSSL and GeoTrust. SSL Dragon offers four bundles: RapidSSL Standard + AutoInstall, RapidSSL Wildcard + AutoInstall, GeoTrust QuickSSL Premium + AutoInstall, and GeoTrust QuickSSL Premium Wildcard + AutoInstall.
🌐
ssldragon.com
ssldragon.com › home › tutorials › openssl tutorials › how to check the openssl version on linux, windows, and mac?
How to Check the OpenSSL Version on Linux, Windows, and Mac? - ...
Are wildcard certificates supported?
Yes. Both the RapidSSL Wildcard + AutoInstall and GeoTrust QuickSSL Premium Wildcard + AutoInstall bundles cover unlimited subdomains on a single level (for example, shop.example.com, mail.example.com, app.example.com). Wildcard certificates require DNS-based validation, which the agent handles automatically for supported DNS hosts.
🌐
ssldragon.com
ssldragon.com › home › tutorials › openssl tutorials › how to check the openssl version on linux, windows, and mac?
How to Check the OpenSSL Version on Linux, Windows, and Mac? - ...
🌐
Brainly
brainly.com › computers and technology › high school › how do you check the openssl version in windows?
[FREE] How do you check the OpenSSL version in Windows? - brainly.com
November 19, 2023 - Open the Command Prompt by pressing the Windows key + R, typing 'cmd', and pressing Enter. In the Command Prompt, type 'openssl version' and press Enter. The OpenSSL version will be displayed, such as 'OpenSSL 1.1.1g 21 Apr 2020'.
🌐
Windows Report
windowsreport.com › how to › how to check the openssl version in windows and linux
How to Check the OpenSSL Version in Windows and Linux
February 26, 2025 - Here’s a quick guide to help you effortlessly check your OpenSSL version. ... For Windows: click on the Start menu, type cmd, and press Enter.
🌐
SSL Malaysia
sslmalaysia.com.my › home › how to check openssl version on your operating system
How to Check OpenSSL Version on Your Operating System - SSL Malaysia
August 21, 2024 - To check the installed OpenSSL version, run the following command: ... Here, 1.1.1k is the version number, and 25 Mar 2021 is the release date.
🌐
RedSwitches
redswitches.com › home › operating systems › check the openssl version number in 3 easy steps
How To Check The OpenSSL Version Number
November 5, 2024 - To find out which version of OpenSSL your system uses, you can use the openssl version command. This command prints out the version information in the terminal. The first step is to access the command line on your system.
Find elsewhere
🌐
PhoenixNAP
phoenixnap.com › home › kb › web servers › how to check openssl version number
How to Check the OpenSSL Version Number
March 25, 2026 - Access to a terminal window (Ctrl + Alt + T). OpenSSL installed on your system. The openssl version command allows you to determine the version your system is using. This information is useful to determine if a particular feature is available, ...
🌐
Cloudzy
cloudzy.com › home › blog › security & networking › how to install openssl on windows 10 & 11
How to Install OpenSSL on Windows 10 & 11 · Cloudzy Blog
September 21, 2025 - The quickest way to verify is using the command openssl version in Command Prompt. This is the standard method for how to check OpenSSL version in Windows and will display version information if properly installed.
🌐
OpenSSL
docs.openssl.org › 3.5 › man1 › openssl-version
openssl-version - OpenSSL Documentation
On Windows however, there is no such expectation, as libraries can be installed to arbitrary locations. OSSL_WINCTX was introduced as a new build time variable to define a set of registry keys identified by the name openssl-<version>-<ctx>, in which the <version> value is derived from the version string in the openssl source, and the <ctx> extension is derived from the OSSL_WINCTX variable.
🌐
DedicatedCore
dedicatedcore.com › home › how to check openssl version number
How to Check OpenSSL Version Number - DedicatedCore Blog
February 13, 2025 - These techniques enable you to check the OpenSSL version on your system whether you use Linux, macOS, Windows, or Python. You help make the internet safer by keeping current with the most recent OpenSSL releases.
🌐
A2 Hosting
a2hosting.com › kb › security › ssl › determining-the-openssl-version
The Best Web Hosting Services at 20x Speeds | hosting.com
Get the best hosting with premium hardware for speed and reliability. 24/7/365 global support. Try risk-free with our money back guarantee.
🌐
Reddit
reddit.com › r/sysadmin › how do i find old versions of openssl across my company?
r/sysadmin on Reddit: How do I find old versions of OpenSSL across my company?
October 19, 2023 -

OpenSSL recently ended LTS for version 1.1, and has suggested to move to version 3.0 or 3.1 as soon as possible. I use Intune and Defender 365 for our windows devices, how can I search for the old installed versions? Since OpenSSL is treated as more of a library/resource it is compiled with some programs, some PC's have multiple versions that I can see through "advanced hunting" in defender (see picture https://imgur.com/a/fBRxiNN). How do I find where these versions are installed so I can address them?

Any help is greatly appreciated.

Top answer
1 of 2
4

OpenSSL is not part of Tomcat. It's a seperate application. You don't need OpenSSL to use Tomcat. OpenSSL is used for SSL on Unix and Linux systems. Windows has its own SSL implementation, but you can install openssl on Windows as well.

Do you use SSL for Tomcat? So do you connect to the tomcat webapp using something like https://localhost:8443 or do you have IIS or Apache inbetween? The log example you quote is an example!

If you have Openssl installed, you can find the version by following these steps:

  • Click the Windows "Start" button and type "cmd" into the search text box. Press "Enter" to open your Windows command line.
  • Type "openssl /?" to view a list of options for the command line utility. This also shows you the proper syntax for the command.
  • Type "openssl version" and press "Enter." The OpenSSL version is displayed in the Windows command line utility.

If the openssl command returns an error, it's probably not installed.

2 of 2
2

There are several common modes of deployment for Tomcat on MS-Windows if HTTPS is enabled:

  1. Tomcat running behind IIS, OpenSSL is not used
  2. Tomcat running behind Apache, OpenSSL is that used by Apache
  3. Tomcat standalone server with JSSE connector (Java SSL), OpenSSL is not used
  4. Tomcat standalone server with APR connector, OpenSSL in use

If you have a standalone Tomcat server you can determine which HTTPS method is used by inspecting the Connector protocol configuration. The Apache provided Tomcat 6.0 binaries include APR (and hence OpenSSL) by default, though you may not be using it (upgrade anyway!). Further, if you have OpenSSL installed separately, it's irrelevant from Tomcat's point of view (though it might be used by your Apache or other web server).

If you are using an official (contrib) Apache-2.2 web server binary, the OpenSSL version number is typically encoded in the installer package file name. For 2.4 there are several different packaged versions. At least one (Apachehaus) documents the OpenSSL version and provide an openssl.exe you can run, though it may not be in the normal user PATH it's in the bin/ subdirectory of the Apache installation.

If you have LogLevel of "info" or higher, Apache will log the mod_ssl and OpenSSL versions on startup. Since 6.0.36, Tomcat6 does the same (bug #53057).

To peek at what DLLs a running process has loaded Process Explorer is handy, sadly though it appears that the normal Tomcat binary distribution link OpenSSL (and more) into a single DLL (tcnative-1.dll) rather than an easily identifiable (and replaceable) libssl.dll/libcrypto.dll (or similar) as is the convention on *nix systems. (This analysis will work on the Apachehaus Apache httpd though.)

A fairly primitive but reliable way then is to use find (or strings if you have it already), from a cmd prompt:

cd \Program Files\apache-tomcat\bin
find "OpenSSL" tcnative-1.dll
[...]
TLSv1 part of OpenSSL 1.0.1d 5 Feb 2013
SSLv3 part of OpenSSL 1.0.1d 5 Feb 2013
SSLv2 part of OpenSSL 1.0.1d 5 Feb 2013
DTLSv1 part of OpenSSL 1.0.1d 5 Feb 2013

Process Explorer will tell you the location of tcnative-1.dll for a running tomcat6 process if you cannot find it easily.

To summarise:

  • check netstat -abn -p TCP to see what's listening on 443 (or whatever HTTPS port you use)
  • check your connector to see if, and how, Tomcat provides SSL
  • check your webserver version and HTTPS configuration
🌐
Namehero
namehero.com › blog › openssl-version-how-to-check
OpenSSL Version: How To Check
January 13, 2025 - In Linux you can check the OpenSSL version number on the command line interface with a simple command. But first you’ll need to access your Linux system and once logged in, just run the following OpenSSL version command in your terminal: ... After running the above command we will see the version information such as the OpenSSL package version number and date of release: The same command would be used on Windows to check the version information of OpenSSL.
🌐
KB Hosting
kb.hosting.com › docs › determining-the-openssl-version
Determining the OpenSSL version - hosting.com
Learn how to check\_which OpenSSL version is installed. Verify if specific features are available or if the version may be affected by a security issue.
🌐
LabEx
labex.io › tutorials › nmap-how-to-check-openssl-version-420709
How to check OpenSSL version | LabEx
This comprehensive tutorial provides developers and system administrators with essential techniques to detect and verify OpenSSL versions across multiple platforms, helping to identify potential vulnerabilities and ensure cryptographic integrity.
Top answer
1 of 1
3

I own both sender and receiver. I know they use OpenSSL. I want to implement a backward compatibilty for the new version of my application which will be using OpenSSL 3.0.

Detecting the versions of the peers TLS library is is not how backward compatibility for the TLS layer should be implemented. Instead your server should expect specific TLS protocol versions and ciphers supported.

OpenSSL 1.0.2 supports up to TLS 1.2 - which is also supported by OpenSSL 3.0 (which also supports TLS 1.3). Also there is lots of overlap in supported ciphers between OpenSSL 1.0.2 and OpenSSL 3.0 - see here for 1.0.2 and here for 3.0. Note that the actual supported ciphers and protocol versions also depend on the application and maybe its configuration, but if you control both a match should be possible.

(From a comment) So, actually My old code has some issues (which i didnt write). ... So, I want to know the version of ssl of sender and then do SSL_shutdown for my receiver to work properly with senders using any version of SSL.

Based on this your actual requirement is not to get the exact version of the TLS library, but instead only to distinguish between a client using OpenSSL 1.0.2 and one using OpenSSL 3.0, and only after the TLS handshake is done. This requirement is much simpler than actually detecting the TLS version: With a properly configured OpenSSL 3.0 client you should be able to get TLS 1.3, while with OpenSSL 1.0.2 you can only get TLS 1.2. Getting the TLS version of an established TLS session can be done by calling SSL_get_version.

🌐
Serverscheduler
serverscheduler.com › blog › check-openssl-version
How to Check OpenSSL Version on Any System
March 4, 2026 - Learn how to check OpenSSL version on Linux, Windows, and macOS. Our guide covers simple commands, interpreting outputs, and why it's vital for security.