After my previous post giving an overview of the OpenSSL Heartbleed flaw, I will now explain how to fix the vulnerability using the simple method I found. Please note that this post only applies to Debian-based systems, but it can be adapted to other distributions. Before trying to fix your OpenSSL package, make sure that your OpenSSL package is actually vulnerable.
Test if your OpenSSL package is vulnerable
The simplest way to test whether your server is vulnerable is to use an online checker. The picture below shows that yoursite.com is vulnerable. The online tool can be found at the following address: https://filippo.io/Heartbleed/
Note that you can specify another port when you enter your server's URL, because by default this tool only tries port 443. To confirm that this result is correct, check the build date of the OpenSSL software on the server with the following command:
root@myserver:~# openssl version -a
OpenSSL 1.0.1 14 Mar 2012
built on: Wed Jan 8 20:45:51 UTC 2014
If the build date is before 7 April 2014 and after 2012, you must conclude that this version of OpenSSL is vulnerable to the Heartbleed flaw.
Upgrade OpenSSL
The simplest way to get the latest build of OpenSSL is to upgrade the Linux distribution's packages.
root@myserver:~# apt-get dist-upgrade
root@myserver:~# reboot
After the reboot, recheck the OpenSSL version. The build date should now be 7 April 2014.
root@myserver:~# openssl version -a
OpenSSL 1.0.1 14 Mar 2012
built on: Mon Apr 7 20:33:29 UTC 2014
Now you can run the online test again; it should report that your server is no longer vulnerable.
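As an added example that is not part of the original post, the shell functions below apply the post's build-date rule to the output of openssl version -a and, after the upgrade, list processes that still have the replaced libssl mapped, which is the reason the post reboots rather than only upgrading. It assumes awk is available and, for the process scan, that /proc is mounted.

```shell
#!/bin/sh
# Added example: encode the post's heuristic (OpenSSL 1.0.1 built between
# 2012 and 7 Apr 2014 is vulnerable) and find services still running the
# old library after `apt-get dist-upgrade`. Not code from the original post.

FIX_DATE=20140407   # builds on or after this date carry the fix (per the post)

# build_date: reads `openssl version -a` output on stdin and prints the
# "built on:" date as YYYYMMDD; prints nothing if no such line exists.
build_date() {
    awk '
        BEGIN { split("Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec", m, " ")
                for (i = 1; i <= 12; i++) mon[m[i]] = i }
        /built on:/ {
            # e.g. "built on: Wed Jan 8 20:45:51 UTC 2014" -> 20140108
            for (i = 1; i <= NF; i++) if ($i == "on:") { mo = $(i+2); day = $(i+3) }
            printf "%04d%02d%02d\n", $NF, mon[mo], day; exit
        }'
}

# heartbleed_build_check: reads `openssl version -a` output on stdin.
# Exit 0 = flagged vulnerable by the post's rule, 1 = not flagged,
# 2 = no build date could be parsed (decide manually).
heartbleed_build_check() {
    out=$(cat)
    d=$(printf '%s\n' "$out" | build_date)
    [ -n "$d" ] || return 2
    case "$out" in *"OpenSSL 1.0.1"*) ;; *) return 1 ;; esac
    [ "$d" -ge 20120101 ] && [ "$d" -lt "$FIX_DATE" ]
}

# stale_libssl_processes: after the upgrade, long-running daemons started
# earlier still map the old libssl (shown as "(deleted)" in /proc/PID/maps).
# Prints their PIDs; restart them, or reboot as the post does.
stale_libssl_processes() {
    for maps in /proc/[0-9]*/maps; do
        if grep -q 'libssl.*(deleted)' "$maps" 2>/dev/null; then
            pid=${maps#/proc/}; printf '%s\n' "${pid%/maps}"
        fi
    done
    return 0
}
```

Run openssl version -a | heartbleed_build_check before and after the upgrade; a non-empty list from stale_libssl_processes means the new library is installed but not yet in use everywhere.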
If you know of other (perhaps better) solutions, please contact me 🙂