Hi everyone! I wanted to tell everyone my system is now fully up and running with all components using 1.0.1e.
The only change needed was the static loading of mod_ssl in Apache HTTPD, as well as using the static libraries for libssl and libcrypt; the other thing I needed to do was a full recompile of all pre-requisites to postfix. None of them were using 1.0.1c, but that is the step that worked. I do need to go back and see why mod_ssl in HTTPD requires static loading, but that is for the weekend, when I will have some time. I want to thank this friendly, professional community for its help to date. I am now running the latest OpenSSL with every package on my system. -Joel On Tue, February 19, 2013 7:48 am, Salz, Rich wrote: >> Since my goal is a running system with no known security >> vulnerabilities ... I have a habit of wanting to use the 'latest >> everything' as I check versions of software on my server once every few >> weeks. > > These two items contradict each other. If you want a secure system, you > should only upgrade (a) if vulnerabilities come out that require it; or > (b) there are new features that you absolutely must have. And you also > might want to think about why static libraries are (at least > theoretically) more secure than shared libraries. > > /r$ > > > -- > Principal Security Engineer > Akamai Technology > Cambridge, MA > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-users@openssl.org > Automated List Manager majord...@openssl.org > > ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
