On Wed, 08 Oct 2003 11:44, Andrew Gaffney wrote:
> > I guess this implies that Apache is still using the old (vulnerable?)
> > version of OpenSSL. Do I have to re-emerge apache to for it to use
> > the new OpenSSL Library?
>
> Did you restart Apache? Try '/etc/init.d/apache2 restart'
Yeah, I still get "OpenSSL/0.9.6j" in the server signature (I don't know if
there's another way to check what version of openssl is being used.
I've also run 'qpkg -d' to make sure that I don't inadvertantly have two
versions of openssl installed (I don't).
It's not a big deal just to re-emerge apache, but it'll take a lot of hours on
the archaic machine my server is running on.
Tom
--
[EMAIL PROTECTED] mailing list
