Re: OpenSSL Heartbleed bug, Apache still vulnerable?
Jochen Spieker <ml@well-adjusted.de> wrote:
>>> Am I doing anything wrong? Is the testing tool broken? I also tried the
>>> one at https://gist.github.com/takeshixx/10107280 which confirms there
>>> is still a problem on port 443 (HTTPS served by Apache).
>>
>> That test tool was updated a few hours ago to include checks for
>> patches. You may find you now get "Version number indicates vulnerable,
>> but your build is recent so may be patched."
> I have the most recent version and it still reports my system to be
> vulnerable.
Are you sure you restarted the right system? (Just asking, had the same
problem today, was looking at a totally different system than the one I
thought I was looking at.)
Maybe apache is using a different libssl than the one from the system.
What does "ldd /usr/lib/apache2/modules/mod_ssl.so" say?
Or maybe there is some kind of cache in front of your webserver.
Grüße,
Sven
--
Sigmentation fault. Core dumped.
Reply to: