On 09/04/2014 10:33, [email protected] wrote:
Hi All,
Can anyone please suggest steps to remove vulnerability *OpenSSL "Heartbleed"
Vulnerability
<https://isc.sans.edu/forums/diary/+Patch+Now+OpenSSL+Heartbleed+Vulnerability/17921> *in
apache.
--
Regards
*Pratibha ***
You should first upgrade to openssl 1.0.1g, or at least patch your openssl
version.
That should be enough for httpd if dynamically linked to opensssl.
If instead httpd is statically linked to open ssl then you shopuld rebuild
httpd against openssl 1.0.1g.
Of course you should re-issue possibly stolen certificates as well.
See http://heartbleed.com/ for more information.
HTH,
Didier
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
