Hi guys, Sorry if I end up doing this wrong (don't tend to post to lists often), thread-wise, but I ran into the same issue where it seemed that despite upgrading OpenSSL to the patched version, my Apache server was still vulnerable to Heartbleed.
Just curious - are you running Google's mod_spdy? If so, that was the culprit for me - check: /etc/apache2/mods-enabled/ssl.load They overrode mod_ssl like so: LoadModule ssl_module /usr/lib/apache2/modules/mod_ssl_with_npn.so I just decided to uninstall the package entirely to revert to /usr/lib/apache2/modules/mod_ssl.so and that fixed it. There may be other plugins that do this, so I'd recommend anyone running into this double-check what modules Apache is *actually* set to load. Hope this helps. :) - Gary Carter -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/53444bae.30...@kithop.ca