Did some searching,
would this be correct
https://github.com/QMailToaster/qmail/blob/master/makecert.sh
-----Original Message-----
From: Dave M
Sent: Thursday, April 10, 2014 8:18 AM
To: [email protected]
Subject: Re: [qmailtoaster] Re: heartbleed bug
Appologies, this is Centos 5.10 installation.
qtp-whatami
qtp-whatami v0.3.8 Thu Apr 10 08:18:25 MDT 2014
REAL_DIST=CentOS
DISTRO=CentOS
OSVER=5.10
QTARCH=i686
QTKERN=2.6.18-371.3.1.el5
BUILD_DIST=cnt50
BUILD_DIR=/usr/src/redhat
Dave M
-----Original Message-----
From: Dave M
Sent: Thursday, April 10, 2014 8:15 AM
To: [email protected]
Subject: Re: [qmailtoaster] Re: heartbleed bug
Hi Eric
What is the correct path as the makecert fails
/var/qmail/bin/makecert.sh: No such file or director
Dave M
-----Original Message-----
From: Eric Shubert
Sent: Wednesday, April 09, 2014 1:01 PM
To: [email protected]
Subject: [qmailtoaster] Re: heartbleed bug
I'd like to add a few details here.
If you use the stock self-signed cert, you should still probably
regenerate this by doing:
# service qmail stop
# mv /var/qmail/control/servercert.pem \
/var/qmail/control/servercert.pem.compromised
# /var/qmail/bin/makecert.sh
# service qmail start
If you use your own cert/key, then you should know what you need to do
for that, which is beyond the scope of this email.
The dh keys used in the TLS key negotiation process should be generated
automatically every day by cron, which runs the /var/qmail/bin/dh_key
script. You might want to verify the dates of these files:
# ls -l /var/qmail/control/dh*
If these weren't modified today, check your crontab.
Thanks for clarifying this, Steve.
--
-Eric 'shubes'
On 04/08/2014 06:52 PM, Steve Huff wrote:
hey folks - please be aware that simply patching OpenSSL is NOT sufficient
to mitigate the risk. if you have been using a RHEL/CentOS 6 system to
host services secured by SSL, then you should consider your keys
compromised, revoke your keys, and deploy new keys and new certs.
read http://heartbleed.com to learn more.
-steve
On Apr 8, 2014, at 7:57 PM, Cecil Yother, Jr. <[email protected]> wrote:
FYI, This fix has only come out in the past few days.
On 04/08/2014 04:54 PM, Eric Shubert wrote:
On 04/08/2014 01:04 PM, Peter Peterse wrote:
Finn Buhelt schreef op 8-4-2014 21:53:
Hi list
Will this affects QMT ? ( latest release uses openssl-1.01 which is
hit)
"New security holes are always showing up. The latest one, the
so-called <http://heartbleed.com/>Heartbleed Bug
<http://heartbleed.com/>
in the OpenSSL <https://www.openssl.org/> cryptographic library, is
an especially bad one" - taken from zdnet.com
Regards,
Finn
Hi Finn,
I've read CentOS 6 is affected and CentOS 5 not.
CentOS 5.10 contains OpenSSL 0.9.8e
Regards,
Peter
RHEL/CentOS has fixed this in openssl-1.0.1e-16.el6_5.7
The fixed package was in all of the mirrors I happened to catch.
To check if your package has the fix applied, you can:
$ rpm -q openssl --changelog | grep CVE-2014-0160
If you get nothing back (and you're on COS6) you should (yum) update
your openssl package.
--
<cj's_sig.png>
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
