[gentoo-user] Heartbleed - using openssl-0.9.8y and affected

Which program do I upgrade to fix Heartbleed bug? http://safeweb.norton.com/heartbleed/ is showing me my server is vulnerable. I'm using dev-libs/openssl-0.9.8y Why safeweb.norton is triggering my server vulnerable? -- Joseph

Re: [gentoo-user] Heartbleed - using openssl-0.9.8y and affected

On 04/28/14 09:17, Joseph wrote: Which program do I upgrade to fix Heartbleed bug? http://safeweb.norton.com/heartbleed/ is showing me my server is vulnerable. I'm using dev-libs/openssl-0.9.8y Why safeweb.norton is triggering my server vulnerable? I'm using apache-2.2.25 Which file contain

Re: [gentoo-user] Heartbleed - using openssl-0.9.8y and affected

On Mon, 28 Apr 2014 10:02:52 -0600 Joseph syscon...@gmail.com wrote: On 04/28/14 09:17, Joseph wrote: Which program do I upgrade to fix Heartbleed bug? http://safeweb.norton.com/heartbleed/ is showing me my server is vulnerable. I'm using dev-libs/openssl-0.9.8y Why safeweb.norton is

Re: [gentoo-user] Heartbleed - using openssl-0.9.8y and affected

On 04/28/14 20:13, Tom Wijsman wrote: On Mon, 28 Apr 2014 10:02:52 -0600 Joseph syscon...@gmail.com wrote: On 04/28/14 09:17, Joseph wrote: Which program do I upgrade to fix Heartbleed bug? http://safeweb.norton.com/heartbleed/ is showing me my server is vulnerable. I'm using

Re: [gentoo-user] Heartbleed - using openssl-0.9.8y and affected

On Mon, Apr 28, 2014 at 2:34 PM, Joseph syscon...@gmail.com wrote: But what puzzle me is when I downgraded it to 1.0.0j (uneffected version) I could not restart apache. I was getting an error: /etc/init.d/apache2 restart * apache2 has detected an error in your setup: apache2: Syntax error

Re: [gentoo-user] Heartbleed - using openssl-0.9.8y and affected

On Mon, Apr 28, 2014 at 2:34 PM, Joseph syscon...@gmail.com wrote: No, I was wrong. I had both version istalled: 0.9.8y and 1.0.1f and the one that was in use was buggy one: 1.0.1f I recompile 1.0.1f without tls-heartbeat and the problem is solved. Why not run emerge --sync and upgrade to

Re: [gentoo-user] Heartbleed - using openssl-0.9.8y and affected

On 04/28/14 14:54, Mike Gilbert wrote: On Mon, Apr 28, 2014 at 2:34 PM, Joseph syscon...@gmail.com wrote: No, I was wrong. I had both version istalled: 0.9.8y and 1.0.1f and the one that was in use was buggy one: 1.0.1f I recompile 1.0.1f without tls-heartbeat and the problem is solved. Why

Re: [gentoo-user] Heartbleed - using openssl-0.9.8y and affected

On Mon, 28 April 2014, at 8:09 pm, Joseph syscon...@gmail.com wrote: On 04/28/14 14:54, Mike Gilbert wrote: On Mon, Apr 28, 2014 at 2:34 PM, Joseph syscon...@gmail.com wrote: No, I was wrong. I had both version istalled: 0.9.8y and 1.0.1f and the one that was in use was buggy one: 1.0.1f I

Re: [gentoo-user] Heartbleed - using openssl-0.9.8y and affected

On 04/28/2014 12:02 PM, Joseph wrote: I'm using apache-2.2.25 Which file contain setting for: SSLCompression I'm trying to turn it off. It's on by default in apache-2.2. Place the following somewhere in 40_mod_ssl.conf, between IfModule ssl_module and /IfModule: # Disable CRIME attack