I have inherited a server in one of our Dev environments and found out straight away that it was not patched when the heartbleed was discovered.
Now, I've upgraded it - including all SSL libraries and I've regenerated self signed certificates, yet even after full server reboot it still shows up as vulnerable against various Heartbleed checkers.
This is the state of the things.
Ubuntu/Kernel version:
root@server:~# uname -a
Linux server.domain.com 3.2.0-23-generic #36-Ubuntu SMP Tue Apr 10 20:39:51 UTC 2012 x86_64 x86_64 x86_64 GNU/Linux
root@server:~#
OpenSSL lib version:
root@server:~# dpkg -l|grep ssl
ii libio-socket-ssl-perl 1.53-1 Perl module implementing object oriented interface to SSL sockets
ii libnet-ssleay-perl 1.42-1build1 Perl module for Secure Sockets Layer (SSL)
ii libssl1.0.0 1.0.1-4ubuntu5.13 SSL shared libraries
ii openssl 1.0.1-4ubuntu5.13 Secure Socket Layer (SSL) binary and related cryptographic tools
ii python-openssl 0.12-1ubuntu2.1 Python wrapper around the OpenSSL library
root@server:~#
OpenSSL build:
root@server:~# openssl version -b
built on: Fri May 2 20:24:44 UTC 2014
root@server:~#
/etc/issue
contains some stuff from cloud-sigma where the server is hosted.
Anyone has any idea how to take this further ?
Thanks
Comments
Post a Comment