httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Didier Spaier <didier.spa...@epsm.fr>
Subject [users@httpd] OpenSSL "Heartbleed" Vulnerability (was:Re: [users@httpd] Access control advice needed)
Date Wed, 09 Apr 2014 08:53:37 GMT
On 09/04/2014 10:33, pratibha.dhankhar@wipro.com wrote:
> Hi All,
>
> Can anyone please suggest steps to remove vulnerability *OpenSSL "Heartbleed" Vulnerability
<https://isc.sans.edu/forums/diary/+Patch+Now+OpenSSL+Heartbleed+Vulnerability/17921>
*in apache.
>
> --
>
> Regards
>
> *Pratibha ***
>

You should first upgrade to openssl 1.0.1g, or at least patch your openssl version.

That should be enough for httpd if dynamically linked to opensssl.

If instead httpd is statically linked to open ssl then you shopuld rebuild httpd against openssl
1.0.1g.

Of course you should re-issue possibly stolen certificates as well.

See http://heartbleed.com/ for more information.

HTH,

Didier


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message