Shulou(Shulou.com)06/01 Report--

This article mainly explains "how to upgrade OpenSSL on Linux system". The content in the article is simple and clear, and it is easy to learn and understand. Please follow the editor's train of thought to study and learn "how to upgrade OpenSSL on Linux system".

I use Centos, and currently officials say the threatened versions are 1.0.1f, 1.0.1e, 1.0.1d, 1.0.1c, 1.0.1b, 1.0.1a, 1.0.1. The "Heartbleed" vulnerability was fixed in OpenSSL version 1.0.1g. All centos6.5 systems running OpenSSL 1.0.1e (openssl-1.0.1e-16.el6_5.4) will be threatened, and only 6.5 seems to be threatened.

Check your openssl version first, with the following command:

The code is as follows:

# openssl version

Or

The code is as follows:

# openssl version-a / / add-a parameter will show more details

Or

The code is as follows:

# yum info openssl / / redhat series is available

Ubuntu and debian can use the following command:

The code is as follows:

# dpkg-query-l' openssl'

Well, I'm using OpenSSL 1.0.1f, the threatened version. Oh, what a crap. However, Heartbleed is not enabled, and https access is not set, which does not affect it, but it is still upgraded.

Enter the command to upgrade the openssl version:

The code is as follows:

# yum clean all & & yum update "openssl*" / / redhat series available this

Ubuntu and debian can use the following command:

The code is as follows:

# apt-get update

# apt-get upgrade

OpenSuSE uses the following command:

The code is as follows:

# zypper update

Make sure you have the openssl-1.0.1e-16.el6_5.7 version or newer version installed. If you don't have this package in the yum source, you'll have to download the rpm package and install it yourself. I guess there must be.

Install the openssl-1.0.1e-16.el6_5.7 version for Mao? Because this version has been fixed, see http://lists.centos.org/pipermail/centos-announce/2014-April/020249.html

Then execute the following command to check which other processes are still using the deleted older version of the openssl library:

The code is as follows:

# lsof-n | grep ssl | grep DEL

No, it's just normal. If so, you will have to revisit every process that uses the old version of the openssl library. Therefore, I am too lazy to restart one by one, but also a small blog, directly restart the server.

If possible, it is recommended to regenerate the ssl private key, change the password and so on.

Note: you can also use the following command to check that you have patched this version of openssl, because each time the bug is fixed and patched, the package itself will record this information in the change-log. The command is as follows:

The code is as follows:

# rpm-Q-changelog openssl-1.0.1e | grep-B1 CVE-2014-0160

/ / CVE-2014-0160 is the code for this vulnerability, which can be checked on the official website of openssl.

Display:

The code is as follows:

* Mon Apr 07 2014 Tom Mr Mr 1.0.1e-16.7

-fix CVE-2014-0160-information disclosure in TLS heartbeat extension

It means that this version has fixed this vulnerability.

Thank you for your reading, the above is the content of "how to upgrade OpenSSL on Linux system". After the study of this article, I believe you have a deeper understanding of how to upgrade OpenSSL on Linux system, and the specific use needs to be verified in practice. Here is, the editor will push for you more related knowledge points of the article, welcome to follow!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.