[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: OpenSSL Heartbleed bug, Apache still vulnerable?

Jochen Spieker <ml@well-adjusted.de> wrote:

>>> Am I doing anything wrong? Is the testing tool broken? I also tried the
>>> one at https://gist.github.com/takeshixx/10107280 which confirms there
>>> is still a problem on port 443 (HTTPS served by Apache).
>> 
>> That test tool was updated a few hours ago to include checks for
>> patches. You may find you now get "Version number indicates vulnerable,
>> but your build is recent so may be patched."

> I have the most recent version and it still reports my system to be
> vulnerable.

Are you sure you restarted the right system? (Just asking, had the same
problem today, was looking at a totally different system than the one I
thought I was looking at.)

Maybe apache is using a different libssl than the one from the system.
What does "ldd /usr/lib/apache2/modules/mod_ssl.so" say?

Or maybe there is some kind of cache in front of your webserver.

Grüße,
Sven

-- 
Sigmentation fault. Core dumped.
Reply to: