-1

I am using apache2 server runing on a Ubuntu Server 12.04 LTS. In my apache2 conf file there is a host that looks like this.

IfModule mod_ssl.c>

VirtualHost *:443>

 //Every configuration for the virtual host working fine.

/VirtualHost>

/IfModule>

I avoid using the "minor" sign since SO does not display the line containing it.

I cannot read "OpenSSL" anywhere. So my intuition says that I am not using it at all. So I should not worry about Heart bleed open SSL bug.

Am I right?

Thanks in advance.

jww
  • 97,681
  • 90
  • 411
  • 885
mdev
  • 472
  • 7
  • 18

1 Answers1

2

From the command prompt do: openssl version

OpenSSL 1.0.1 through 1.0.1f (inclusive) are vulnerable
OpenSSL 1.0.1g is NOT vulnerable
OpenSSL 1.0.0 branch is NOT vulnerable
OpenSSL 0.9.8 branch is NOT vulnerable

Your config is using mod_ssl. Mod SSL is OpenSSL built for Apache.

If your server is public facing you can try something like this tool. http://filippo.io/Heartbleed/

user985723
  • 628
  • 2
  • 8
  • 18
  • Hi. Thank you very much for your fast response. The result was "OpenSSL 1.0.1 14 Mar 2012". Guess it is vulnerable. Would you let me know how to fix it?. – mdev Apr 10 '14 at 02:25
  • That has been answered here: http://askubuntu.com/questions/444702/how-to-patch-cve-2014-0160-in-openssl – user985723 Apr 10 '14 at 02:36