On 09/04/2014 10:33, pratibha.dhankhar@xxxxxxxxx wrote:
Hi All, Can anyone please suggest steps to remove vulnerability *OpenSSL "Heartbleed" Vulnerability <https://isc.sans.edu/forums/diary/+Patch+Now+OpenSSL+Heartbleed+Vulnerability/17921> *in apache. -- Regards *Pratibha ***
You should first upgrade to openssl 1.0.1g, or at least patch your openssl version. That should be enough for httpd if dynamically linked to opensssl. If instead httpd is statically linked to open ssl then you shopuld rebuild httpd against openssl 1.0.1g. Of course you should re-issue possibly stolen certificates as well. See http://heartbleed.com/ for more information. HTH, Didier --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|