Heartbleed Bug In OpenSSL compromised Internet security for nearly everyone?

  Follow me: Follow Bruce Kirkpatrick by email subscription Bruce Kirkpatrick on Twitter Bruce Kirkpatrick on Facebook
Tue, Apr 08, 2014 at 4:55PM

It is fairly rare that a security flaw affects the majority of the Internet, yet that is what we're faced with in the case of the Heartbleed OpenSSL Bug.

Read more about it here: http://heartbleed.com/

The problem is so serious that I rushed to fix our servers minutes after learning about the problem.

You can verify if your servers are vulnerable with the following online service:

http://filippo.io/Heartbleed/

Thankfully, the fix is easy since most OS distributions already have an official patch for this problem.

I had to deal with a few details when upgrading my systems.

How do you fix this problem on Ubuntu 13.04?  

Well, since 13.04 is no longer officially supported, it is not possible to do through apt-get automatically.

However, you can still download the deb package files for Ubuntu 13.10 (saucy) and install them manually.  They seemed to work fine for me with Nginx.

For Nginx, I had to download and install the libssl package as well.  I also had to re-compile nginx since I use a customized version.

After installing the newer version of libssl and openssl, make sure you use the "restart", not "reload" command for your web server.   I found it to be a mandatory step to run "service httpd restart" and "service nginx restart" on multiple servers.

Hope this helps someone!


Bookmark & Share



Popular tags on this blog

Performance |