Update your OpenSSL now!

[BBM]

I have that same notice in my logs ever since I started updating my vps somewhere last year. A lot of things got updated in the process.

The notice is usually surrounded by a group of notices, mostlikely due to something I did wrong creating a selfsigned SSL (I think);

[Sun Apr 13 03:29:02.051188 2014] [ssl:warn] [pid 5832] AH01909: RSA certificate configured for localhost:443 does NOT include an ID which matches the server name
[Sun Apr 13 03:29:02.052303 2014] [ssl:warn] [pid 5832] AH01909: RSA certificate configured for shared.domain:443 does NOT include an ID which matches the server name
[Sun Apr 13 03:29:02.052669 2014] [ssl:warn] [pid 5832] AH02292: Init: Name-based SSL virtual hosts only work for clients with TLS server name indication support (RFC 4366)
[Sun Apr 13 03:29:02.052709 2014] [lbmethod_heartbeat:notice] [pid 5832] AH02282: No slotmem from mod_heartmonitor
[Sun Apr 13 03:29:02.067908 2014] [mpm_prefork:notice] [pid 5832] AH00163: Apache/2.4.7 (Unix) OpenSSL/1.0.1e-fips configured -- resuming normal operations
[Sun Apr 13 03:29:02.067976 2014] [core:notice] [pid 5832] AH00094: Command line: '/usr/sbin/httpd -D SSL'

 

[nobaloney]

I've run into one issue/anomaly (or whatever you want to call it). CentOS5.x (maybe not all) doesn't seem to have an available update. On our servers running CentOS5.x, the openssl version was not susceptible to HeartBleed, but at least one poster here has reported that on their servers it does.

Can we get a handle on this? Do your CentOS5.x servers pass the test? OR NOT?

jEFF

 

[Arieh]

I've run into one issue/anomaly (or whatever you want to call it). CentOS5.x (maybe not all) doesn't seem to have an available update. On our servers running CentOS5.x, the openssl version was not susceptible to HeartBleed, but at least one poster here has reported that on their servers it does.

Can we get a handle on this? Do your CentOS5.x servers pass the test? OR NOT?

jEFF

What post are you referring to (did a quick search in this thread). Possible the user had updated openssl manually to a vulnerable version.

 

[nobaloney]

It wasn't in this thread. It was an accidental post in John's HeartBleed thread, after John had closed it. John has deleted those posts and re-iterated that the thread is closed so I'm hoping it will get picked up here, but I don't repost others' posts; that's up to them.

Jeff

 

[kevinb]

I've run into one issue/anomaly (or whatever you want to call it). CentOS5.x (maybe not all) doesn't seem to have an available update. On our servers running CentOS5.x, the openssl version was not susceptible to HeartBleed, but at least one poster here has reported that on their servers it does.

Can we get a handle on this? Do your CentOS5.x servers pass the test? OR NOT?

jEFF

Jeff,

The stock Redhat/Centos 5 is not susceptible to Heart Bleed and wouldn't need an update. That is not stopping people from installing there own openssl libraries manually that would require attention. As an example Wael's update.script (http://forum.directadmin.com/showthread.php?t=22587) allows for updating of openssl that would need to be attended to.

Kevin

 

[SeLLeRoNe]

I'm having that issue Jeff is talking about.

>/usr/bin/openssl version
OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
>cat /etc/redhat-release
CentOS release 5.10 (Final)

I did many site-check and all them report that my server is vulnerable.

Any clue/hint?

Regards

 

[SeLLeRoNe]

I've update OpenSSL using update.script and now it seems to be NOT VULNERABLE, but, since it may has been a false-positive or either not (it should since v0.9.8 had not to be vulnerable).. i would reccomend to update the OpenSSL lib to who is using CentOS 5.x aswell, better be totally sure

Regards

 

[ImpulseG]

I've updated OpenSSL, but I understand the certificates on our servers may have been stolen. How do I regenerate the certs for DA? I currently only have a self-signed SSL for DA from following this guide: http://help.directadmin.com/item.php?id=15

Do I just follow that guide to a tee again? Or is there something else I would have to do?

 

[SeLLeRoNe]

Yes you can follow that guide to re-generate your self-signed certificate.

Regards

 

[bubske]

yes I did, I did restarted the httpd, I have also rebooted my server just in case.
but under curl the ssl version is still showing openssl 1.0.0

I have tried http://filippo.io/Heartbleed with mydomain.com:443 which says my server seems ok, but I just don't know how to fix that curl issue.

#curl -V
curl 7.36.0 (x86_64-unknown-linux-gnu) libcurl/7.36.0 OpenSSL/1.0.0 zlib/1.2.3 libidn/1.18
Protocols: dict file ftp ftps gopher http https imap imaps pop3 pop3s rtsp smtp smtps telnet tftp
Features: IDN IPv6 Largefile NTLM NTLM_WB SSL libz

Update: not sure why but I had to build the curl again (already did it last nite, not working)
./build curl
./build php d

now it's showing 1.0.1e

it seems that I cannot recompile curl could anyone help me out?
I have installed openssl 1.0.1g manually using the steps in the beginning of this thread.

../lib/.libs/libcurl.so: undefined reference to `SSL_get_session@OPENSSL_1.0.0'
../lib/.libs/libcurl.so: undefined reference to `UI_method_get_closer@OPENSSL_1.0.0'
../lib/.libs/libcurl.so: undefined reference to `SSL_CTX_use_PrivateKey_file@OPENSSL_1.0.0'
../lib/.libs/libcurl.so: undefined reference to `X509_STORE_CTX_get_current_cert@OPENSSL_1.0.0'
../lib/.libs/libcurl.so: undefined reference to `ERR_error_string@OPENSSL_1.0.0'
../lib/.libs/libcurl.so: undefined reference to `SSL_CIPHER_get_name@OPENSSL_1.0.0'
../lib/.libs/libcurl.so: undefined reference to `SSL_write@OPENSSL_1.0.0'
../lib/.libs/libcurl.so: undefined reference to `X509_get_subject_name@OPENSSL_1.0.0'
../lib/.libs/libcurl.so: undefined reference to `PEM_read_X509@OPENSSL_1.0.0'
../lib/.libs/libcurl.so: undefined reference to `SSL_CTX_use_certificate_file@OPENSSL_1.0.0'
../lib/.libs/libcurl.so: undefined reference to `X509_EXTENSION_get_critical@OPENSSL_1.0.0'
../lib/.libs/libcurl.so: undefined reference to `X509_LOOKUP_file@OPENSSL_1.0.0'
../lib/.libs/libcurl.so: undefined reference to `SSL_CTX_ctrl@OPENSSL_1.0.0'
../lib/.libs/libcurl.so: undefined reference to `ERR_clear_error@OPENSSL_1.0.0'
../lib/.libs/libcurl.so: undefined reference to `ENGINE_by_id@OPENSSL_1.0.0'
../lib/.libs/libcurl.so: undefined reference to `sk_num@OPENSSL_1.0.0'
../lib/.libs/libcurl.so: undefined reference to `SSL_read@OPENSSL_1.0.0'
../lib/.libs/libcurl.so: undefined reference to `X509_NAME_get_entry@OPENSSL_1.0.0'
../lib/.libs/libcurl.so: undefined reference to `EVP_cleanup@OPENSSL_1.0.0'
../lib/.libs/libcurl.so: undefined reference to `UI_destroy_method@OPENSSL_1.0.0'
../lib/.libs/libcurl.so: undefined reference to `X509_free@OPENSSL_1.0.0'
../lib/.libs/libcurl.so: undefined reference to `ERR_peek_error@OPENSSL_1.0.0'
../lib/.libs/libcurl.so: undefined reference to `BN_num_bits@OPENSSL_1.0.0'
../lib/.libs/libcurl.so: undefined reference to `X509_get_serialNumber@OPENSSL_1.0.0'
../lib/.libs/libcurl.so: undefined reference to `SSL_get_privatekey@OPENSSL_1.0.0'
../lib/.libs/libcurl.so: undefined reference to `EVP_PKEY_copy_parameters@OPENSSL_1.0.0'
../lib/.libs/libcurl.so: undefined reference to `SSL_get_error@OPENSSL_1.0.0'
../lib/.libs/libcurl.so: undefined reference to `CRYPTO_free@OPENSSL_1.0.0'
../lib/.libs/libcurl.so: undefined reference to `GENERAL_NAMES_free@OPENSSL_1.0.0'
../lib/.libs/libcurl.so: undefined reference to `SSL_get_certificate@OPENSSL_1.0.0'
../lib/.libs/libcurl.so: undefined reference to `CRYPTO_cleanup_all_ex_data@OPENSSL_1.0.0'
../lib/.libs/libcurl.so: undefined reference to `X509_verify_cert_error_string@OPENSSL_1.0.0'
../lib/.libs/libcurl.so: undefined reference to `SSL_new@OPENSSL_1.0.0'
../lib/.libs/libcurl.so: undefined reference to `ENGINE_get_first@OPENSSL_1.0.0'
../lib/.libs/libcurl.so: undefined reference to `ERR_remove_thread_state@OPENSSL_1.0.0'
../lib/.libs/libcurl.so: undefined reference to `MD4_Update@OPENSSL_1.0.0'
../lib/.libs/libcurl.so: undefined reference to `ENGINE_load_builtin_engines@OPENSSL_1.0.0'
../lib/.libs/libcurl.so: undefined reference to `SSL_SESSION_free@OPENSSL_1.0.0'
../lib/.libs/libcurl.so: undefined reference to `BIO_s_mem@OPENSSL_1.0.0'
../lib/.libs/libcurl.so: undefined reference to `SSL_CTX_use_certificate@OPENSSL_1.0.0'
../lib/.libs/libcurl.so: undefined reference to `SSL_CTX_set_verify@OPENSSL_1.0.0'
../lib/.libs/libcurl.so: undefined reference to `SSL_get_verify_result@OPENSSL_1.0.0'
../lib/.libs/libcurl.so: undefined reference to `X509_check_issued@OPENSSL_1.0.0'
../lib/.libs/libcurl.so: undefined reference to `UI_method_set_closer@OPENSSL_1.0.0'
../lib/.libs/libcurl.so: undefined reference to `ASN1_STRING_to_UTF8@OPENSSL_1.0.0'
../lib/.libs/libcurl.so: undefined reference to `UI_get_input_flags@OPENSSL_1.0.0'
../lib/.libs/libcurl.so: undefined reference to `ERR_get_error@OPENSSL_1.0.0'
../lib/.libs/libcurl.so: undefined reference to `UI_method_set_opener@OPENSSL_1.0.0'
../lib/.libs/libcurl.so: undefined reference to `SSL_CTX_set_default_passwd_cb@OPENSSL_1.0.0'
../lib/.libs/libcurl.so: undefined reference to `PKCS12_PBE_add@OPENSSL_1.0.0'
../lib/.libs/libcurl.so: undefined reference to `d2i_PKCS12_fp@OPENSSL_1.0.0'
../lib/.libs/libcurl.so: undefined reference to `MD5_Final@OPENSSL_1.0.0'
../lib/.libs/libcurl.so: undefined reference to `UI_OpenSSL@OPENSSL_1.0.0'
../lib/.libs/libcurl.so: undefined reference to `DES_set_key@OPENSSL_1.0.0'
../lib/.libs/libcurl.so: undefined reference to `SSLv23_client_method@OPENSSL_1.0.0'
../lib/.libs/libcurl.so: undefined reference to `EVP_PKEY_free@OPENSSL_1.0.0'
../lib/.libs/libcurl.so: undefined reference to `DES_ecb_encrypt@OPENSSL_1.0.0'
../lib/.libs/libcurl.so: undefined reference to `RAND_file_name@OPENSSL_1.0.0'
../lib/.libs/libcurl.so: undefined reference to `PKCS12_parse@OPENSSL_1.0.0'
../lib/.libs/libcurl.so: undefined reference to `RAND_add@OPENSSL_1.0.0'
../lib/.libs/libcurl.so: undefined reference to `X509_STORE_set_flags@OPENSSL_1.0.0'
../lib/.libs/libcurl.so: undefined reference to `SSL_pending@OPENSSL_1.0.0'
../lib/.libs/libcurl.so: undefined reference to `X509_STORE_add_lookup@OPENSSL_1.0.0'
../lib/.libs/libcurl.so: undefined reference to `PKCS12_free@OPENSSL_1.0.0'
../lib/.libs/libcurl.so: undefined reference to `ENGINE_ctrl@OPENSSL_1.0.0'
../lib/.libs/libcurl.so: undefined reference to `SSL_shutdown@OPENSSL_1.0.0'
../lib/.libs/libcurl.so: undefined reference to `ASN1_STRING_data@OPENSSL_1.0.0'
../lib/.libs/libcurl.so: undefined reference to `ERR_free_strings@OPENSSL_1.0.0'
../lib/.libs/libcurl.so: undefined reference to `ENGINE_set_default@OPENSSL_1.0.0'
../lib/.libs/libcurl.so: undefined reference to `SSL_get_peer_cert_chain@OPENSSL_1.0.0'
../lib/.libs/libcurl.so: undefined reference to `SSL_CTX_set_srp_password@OPENSSL_1.0.1'
../lib/.libs/libcurl.so: undefined reference to `PEM_write_bio_X509@OPENSSL_1.0.0'
../lib/.libs/libcurl.so: undefined reference to `ASN1_INTEGER_get@OPENSSL_1.0.0'
../lib/.libs/libcurl.so: undefined reference to `SSL_set_connect_state@OPENSSL_1.0.0'
../lib/.libs/libcurl.so: undefined reference to `SSL_CTX_get_cert_store@OPENSSL_1.0.0'
../lib/.libs/libcurl.so: undefined reference to `sk_pop_free@OPENSSL_1.0.0'
../lib/.libs/libcurl.so: undefined reference to `SSL_CTX_set_default_passwd_cb_userdata@OPENSSL_1.0.0'
../lib/.libs/libcurl.so: undefined reference to `UI_method_get_reader@OPENSSL_1.0.0'
../lib/.libs/libcurl.so: undefined reference to `SSL_set_fd@OPENSSL_1.0.0'
../lib/.libs/libcurl.so: undefined reference to `SSL_free@OPENSSL_1.0.0'
../lib/.libs/libcurl.so: undefined reference to `ASN1_STRING_length@OPENSSL_1.0.0'
../lib/.libs/libcurl.so: undefined reference to `RAND_egd@OPENSSL_1.0.0'
../lib/.libs/libcurl.so: undefined reference to `X509_load_crl_file@OPENSSL_1.0.0'
../lib/.libs/libcurl.so: undefined reference to `SSL_ctrl@OPENSSL_1.0.0'
../lib/.libs/libcurl.so: undefined reference to `SSL_library_init@OPENSSL_1.0.0'
../lib/.libs/libcurl.so: undefined reference to `sk_pop@OPENSSL_1.0.0'
../lib/.libs/libcurl.so: undefined reference to `ENGINE_init@OPENSSL_1.0.0'
../lib/.libs/libcurl.so: undefined reference to `ENGINE_cleanup@OPENSSL_1.0.0'
../lib/.libs/libcurl.so: undefined reference to `SSL_get_shutdown@OPENSSL_1.0.0'
../lib/.libs/libcurl.so: undefined reference to `SSL_peek@OPENSSL_1.0.0'
../lib/.libs/libcurl.so: undefined reference to `SSLeay@OPENSSL_1.0.0'
../lib/.libs/libcurl.so: undefined reference to `SSLv3_client_method@OPENSSL_1.0.0'
../lib/.libs/libcurl.so: undefined reference to `ASN1_STRING_print@OPENSSL_1.0.0'
../lib/.libs/libcurl.so: undefined reference to `SSL_CTX_set_srp_username@OPENSSL_1.0.1'
../lib/.libs/libcurl.so: undefined reference to `SSL_set_session@OPENSSL_1.0.0'
../lib/.libs/libcurl.so: undefined reference to `MD4_Final@OPENSSL_1.0.0'
../lib/.libs/libcurl.so: undefined reference to `ENGINE_free@OPENSSL_1.0.0'
../lib/.libs/libcurl.so: undefined reference to `SSL_CTX_callback_ctrl@OPENSSL_1.0.0'
../lib/.libs/libcurl.so: undefined reference to `SSL_connect@OPENSSL_1.0.0'
../lib/.libs/libcurl.so: undefined reference to `SSL_CTX_new@OPENSSL_1.0.0'
../lib/.libs/libcurl.so: undefined reference to `sk_value@OPENSSL_1.0.0'
../lib/.libs/libcurl.so: undefined reference to `X509_get_ext_d2i@OPENSSL_1.0.0'
../lib/.libs/libcurl.so: undefined reference to `UI_create_method@OPENSSL_1.0.0'
../lib/.libs/libcurl.so: undefined reference to `ENGINE_get_id@OPENSSL_1.0.0'
../lib/.libs/libcurl.so: undefined reference to `OPENSSL_add_all_algorithms_noconf@OPENSSL_1.0.0'
../lib/.libs/libcurl.so: undefined reference to `ENGINE_ctrl_cmd@OPENSSL_1.0.0'
../lib/.libs/libcurl.so: undefined reference to `UI_method_get_writer@OPENSSL_1.0.0'
../lib/.libs/libcurl.so: undefined reference to `BIO_free@OPENSSL_1.0.0'
../lib/.libs/libcurl.so: undefined reference to `SSL_CTX_free@OPENSSL_1.0.0'
../lib/.libs/libcurl.so: undefined reference to `CRYPTO_malloc@OPENSSL_1.0.0'
../lib/.libs/libcurl.so: undefined reference to `X509_NAME_ENTRY_get_data@OPENSSL_1.0.0'
../lib/.libs/libcurl.so: undefined reference to `SSL_get1_session@OPENSSL_1.0.0'
../lib/.libs/libcurl.so: undefined reference to `UI_method_set_reader@OPENSSL_1.0.0'
../lib/.libs/libcurl.so: undefined reference to `SSL_CTX_use_certificate_chain_file@OPENSSL_1.0.0'
../lib/.libs/libcurl.so: undefined reference to `X509_NAME_print_ex@OPENSSL_1.0.0'
../lib/.libs/libcurl.so: undefined reference to `RAND_bytes@OPENSSL_1.0.0'
../lib/.libs/libcurl.so: undefined reference to `BN_bn2bin@OPENSSL_1.0.0'
../lib/.libs/libcurl.so: undefined reference to `i2t_ASN1_OBJECT@OPENSSL_1.0.0'
../lib/.libs/libcurl.so: undefined reference to `SSL_CTX_use_PrivateKey@OPENSSL_1.0.0'
../lib/.libs/libcurl.so: undefined reference to `SSL_CTX_add_client_CA@OPENSSL_1.0.0'
../lib/.libs/libcurl.so: undefined reference to `RAND_load_file@OPENSSL_1.0.0'
../lib/.libs/libcurl.so: undefined reference to `SSL_get_current_cipher@OPENSSL_1.0.0'
../lib/.libs/libcurl.so: undefined reference to `SSL_get_peer_certificate@OPENSSL_1.0.0'
../lib/.libs/libcurl.so: undefined reference to `UI_method_set_writer@OPENSSL_1.0.0'
../lib/.libs/libcurl.so: undefined reference to `X509V3_EXT_print@OPENSSL_1.0.0'
../lib/.libs/libcurl.so: undefined reference to `SSL_CTX_load_verify_locations@OPENSSL_1.0.0'
../lib/.libs/libcurl.so: undefined reference to `X509_NAME_get_index_by_NID@OPENSSL_1.0.0'
../lib/.libs/libcurl.so: undefined reference to `ENGINE_finish@OPENSSL_1.0.0'
../lib/.libs/libcurl.so: undefined reference to `ERR_error_string_n@OPENSSL_1.0.0'
../lib/.libs/libcurl.so: undefined reference to `ENGINE_load_private_key@OPENSSL_1.0.0'
../lib/.libs/libcurl.so: undefined reference to `BIO_ctrl@OPENSSL_1.0.0'
../lib/.libs/libcurl.so: undefined reference to `ENGINE_get_next@OPENSSL_1.0.0'
../lib/.libs/libcurl.so: undefined reference to `X509_get_issuer_name@OPENSSL_1.0.0'
../lib/.libs/libcurl.so: undefined reference to `UI_method_get_opener@OPENSSL_1.0.0'
../lib/.libs/libcurl.so: undefined reference to `X509_EXTENSION_get_object@OPENSSL_1.0.0'
../lib/.libs/libcurl.so: undefined reference to `UI_set_result@OPENSSL_1.0.0'
../lib/.libs/libcurl.so: undefined reference to `ASN1_STRING_type@OPENSSL_1.0.0'
../lib/.libs/libcurl.so: undefined reference to `SSL_CTX_set_cipher_list@OPENSSL_1.0.0'
../lib/.libs/libcurl.so: undefined reference to `RAND_status@OPENSSL_1.0.0'
../lib/.libs/libcurl.so: undefined reference to `SSL_CTX_check_private_key@OPENSSL_1.0.0'
../lib/.libs/libcurl.so: undefined reference to `MD5_Update@OPENSSL_1.0.0'
../lib/.libs/libcurl.so: undefined reference to `BIO_new@OPENSSL_1.0.0'
../lib/.libs/libcurl.so: undefined reference to `X509_get_pubkey@OPENSSL_1.0.0'
../lib/.libs/libcurl.so: undefined reference to `UI_get_string_type@OPENSSL_1.0.0'
../lib/.libs/libcurl.so: undefined reference to `MD5_Init@OPENSSL_1.0.0'
../lib/.libs/libcurl.so: undefined reference to `UI_get0_user_data@OPENSSL_1.0.0'
../lib/.libs/libcurl.so: undefined reference to `SSL_load_error_strings@OPENSSL_1.0.0'
../lib/.libs/libcurl.so: undefined reference to `MD4_Init@OPENSSL_1.0.0'
../lib/.libs/libcurl.so: undefined reference to `DES_set_odd_parity@OPENSSL_1.0.0'
collect2: ld returned 1 exit status
make[2]: *** [curl] Error 1
make[2]: Leaving directory `/usr/local/directadmin/custombuild/curl-7.37.0-20140401/src'
make[1]: *** [all] Error 2
make[1]: Leaving directory `/usr/local/directadmin/custombuild/curl-7.37.0-20140401/src'
make: *** [all-recursive] Error 1

*** The make has failed, would you like to try to make again? (y,n):

 

[Arieh]

Those steps in the beginning of the thread (first reply) should probably removed to avoid other users from doing them as well. There is no need to do them in either case.

First have you tried to update it using your package manager (yum/apt-get)?

Second, if that fails, try the update.script and update openssl with it, although it almost does the same steps as the ones in the beginning of the thread, it also symlinks certain files and updates ldconfig.