[users@httpd] OpenSSL "Heartbleed" Vulnerability (was:Re: [users@httpd] Access control advice needed)

Didier Spaier Wed, 09 Apr 2014 01:54:46 -0700

On 09/04/2014 10:33, pratibha.dhank...@wipro.com wrote:

Hi All,


Can anyone please suggest steps to remove vulnerability *OpenSSL "Heartbleed" 
Vulnerability 
<https://isc.sans.edu/forums/diary/+Patch+Now+OpenSSL+Heartbleed+Vulnerability/17921> *in 
apache.

--

Regards

*Pratibha ***


You should first upgrade to openssl 1.0.1g, or at least patch your openssl 
version.

That should be enough for httpd if dynamically linked to opensssl.

If instead httpd is statically linked to open ssl then you shopuld rebuild 
httpd against openssl 1.0.1g.

Of course you should re-issue possibly stolen certificates as well.

See http://heartbleed.com/ for more information.

HTH,

Didier


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

[users@httpd] OpenSSL "Heartbleed" Vulnerability (was:Re: [users@httpd] Access control advice needed)

Reply via email to