Re: OpenSSL Heartbleed bug, Apache still vulnerable?

2014-04-09 Thread Jochen Spieker
Jochen Spieker: Sven Hartge: I presume mod_spdy is not from any official package (cannot find any package matching spdy in Debian anywhere) but a module compiled by yourself? I think I installed a .deb from Google which added the file /etc/apt/sources.list.d/mod-spdy.list: deb

Re: OpenSSL Heartbleed bug, Apache still vulnerable?

2014-04-09 Thread Curt
On 2014-04-09, Jochen Spieker m...@well-adjusted.de wrote: The repository now contains a fixed version (0.9.4.2-r413). I tested it and the new version looks fine. Don't mean to hijack, but is this a useful tool? http://filippo.io/Heartbleed/ (I'm an ignorant end user who has just woken up

Re: OpenSSL Heartbleed bug, Apache still vulnerable?

2014-04-09 Thread Jochen Spieker
Curt: On 2014-04-09, Jochen Spieker m...@well-adjusted.de wrote: The repository now contains a fixed version (0.9.4.2-r413). I tested it and the new version looks fine. Don't mean to hijack, but is this a useful tool? http://filippo.io/Heartbleed/ Yes, it is. Qualys tests for the new

Re: OpenSSL Heartbleed bug, Apache still vulnerable?

2014-04-09 Thread Curt
On 2014-04-09, Jochen Spieker m...@well-adjusted.de wrote: http://filippo.io/Heartbleed/ Yes, it is. Qualys tests for the new attack as well now: https://www.ssllabs.com/ssltest/ Thank you. The ssllabs test seems quite thorough!

Re: OpenSSL Heartbleed bug, Apache still vulnerable?

2014-04-09 Thread Sven Hartge
Curt cu...@free.fr wrote: On 2014-04-09, Jochen Spieker m...@well-adjusted.de wrote: The repository now contains a fixed version (0.9.4.2-r413). I tested it and the new version looks fine. Don't mean to hijack, but is this a useful tool? http://filippo.io/Heartbleed/ To scan your

Re: OpenSSL Heartbleed bug, Apache still vulnerable?

2014-04-09 Thread shawn wilson
On Apr 9, 2014 3:51 PM, Sven Hartge s...@svenhartge.de wrote: Curt cu...@free.fr wrote: On 2014-04-09, Jochen Spieker m...@well-adjusted.de wrote: The repository now contains a fixed version (0.9.4.2-r413). I tested it and the new version looks fine. Don't mean to hijack, but is this a

OpenSSL Heartbleed bug, Apache still vulnerable?

2014-04-08 Thread Jochen Spieker
Hi, as many others, I patched my machines today because of the horrible OpenSSL bug: $ apt-cache policy libssl1.0.0 libssl1.0.0: Installed: 1.0.1e-2+deb7u6 Candidate: 1.0.1e-2+deb7u6 Version table: 1.0.1g-1 0 -10 http://http.debian.net/debian/ sid/main amd64 Packages ***

Re: OpenSSL Heartbleed bug, Apache still vulnerable?

2014-04-08 Thread Reco
Hi. On Tue, Apr 08, 2014 at 04:49:13PM +0200, Jochen Spieker wrote: Am I doing anything wrong? Is the testing tool broken? I also tried the one at https://gist.github.com/takeshixx/10107280 which confirms there is still a problem on port 443 (HTTPS served by Apache). No, chances are, you're

Re: OpenSSL Heartbleed bug, Apache still vulnerable?

2014-04-08 Thread Scott Ferguson
On 09/04/14 00:49, Jochen Spieker wrote: Hi, as many others, I patched my machines today because of the horrible OpenSSL bug: $ apt-cache policy libssl1.0.0 libssl1.0.0: Installed: 1.0.1e-2+deb7u6 Candidate: 1.0.1e-2+deb7u6 Version table: 1.0.1g-1 0 -10

Re: OpenSSL Heartbleed bug, Apache still vulnerable?

2014-04-08 Thread Jochen Spieker
Reco: Hi. On Tue, Apr 08, 2014 at 04:49:13PM +0200, Jochen Spieker wrote: Am I doing anything wrong? Is the testing tool broken? I also tried the one at https://gist.github.com/takeshixx/10107280 which confirms there is still a problem on port 443 (HTTPS served by Apache). No, chances

Re: OpenSSL Heartbleed bug, Apache still vulnerable?

2014-04-08 Thread Jochen Spieker
Scott Ferguson: On 09/04/14 00:49, Jochen Spieker wrote: as many others, I patched my machines today because of the horrible OpenSSL bug: $ apt-cache policy libssl1.0.0 libssl1.0.0: Installed: 1.0.1e-2+deb7u6 Candidate: 1.0.1e-2+deb7u6 Version table: 1.0.1g-1 0 -10

Re: OpenSSL Heartbleed bug, Apache still vulnerable?

2014-04-08 Thread Sven Hartge
Jochen Spieker m...@well-adjusted.de wrote: Am I doing anything wrong? Is the testing tool broken? I also tried the one at https://gist.github.com/takeshixx/10107280 which confirms there is still a problem on port 443 (HTTPS served by Apache). That test tool was updated a few hours ago to

Re: OpenSSL Heartbleed bug, Apache still vulnerable?

2014-04-08 Thread Jochen Spieker
Sven Hartge: Jochen Spieker m...@well-adjusted.de wrote: I have the most recent version and it still reports my system to be vulnerable. Are you sure you restarted the right system? (Just asking, had the same problem today, was looking at a totally different system than the one I thought

Re: OpenSSL Heartbleed bug, Apache still vulnerable?

2014-04-08 Thread Sven Hartge
Jochen Spieker m...@well-adjusted.de wrote: Thinking about this … what I actually use is mod_spdy which is not linked against libssl. It probably has the same bug … Yes, here it is: https://code.google.com/p/mod-spdy/issues/detail?id=85 | Note that just disabling the spdy module in Apache

Re: OpenSSL Heartbleed bug, Apache still vulnerable?

2014-04-08 Thread Gary Carter
Hi guys, Sorry if I end up doing this wrong (don't tend to post to lists often), thread-wise, but I ran into the same issue where it seemed that despite upgrading OpenSSL to the patched version, my Apache server was still vulnerable to Heartbleed. Just curious - are you running Google's

Re: OpenSSL Heartbleed bug, Apache still vulnerable?

2014-04-08 Thread Sven Hartge
Jochen Spieker m...@well-adjusted.de wrote: Thinking about this … what I actually use is mod_spdy which is not linked against libssl. It probably has the same bug … Yes, here it is: https://code.google.com/p/mod-spdy/issues/detail?id=85 | Note that just disabling the spdy module in Apache

Re: OpenSSL Heartbleed bug, Apache still vulnerable?

2014-04-08 Thread Jochen Spieker
Sven Hartge: Jochen Spieker m...@well-adjusted.de wrote: Yes, here it is: https://code.google.com/p/mod-spdy/issues/detail?id=85 | Note that just disabling the spdy module in Apache won't work, because | the SSL library itself is replaced. Easiest fix on Debian is to remove | the mod-spdy

Re: OpenSSL Heartbleed bug, Apache still vulnerable?

2014-04-08 Thread Jochen Spieker
Gary Carter: Just curious - are you running Google's mod_spdy? If so, that was the culprit for me - check: Yes, that was it. Thanks for the heads-up. J. -- The news at ten makes me peevish but animal hospital makes me cry. [Agree] [Disagree]