0

Given the recent heartbleed and requirement to update the openSSL version I have followed all the instructions to do so.

I've run 

sudo apt-get update
sudo apt-get upgrade


openssl version -a
OpenSSL 1.0.1c 10 May 2012
built on: Wed Jan  8 20:51:55 UTC 2014
platform: debian-amd64
options:  bn(64,64) rc4(8x,int) des(idx,cisc,16,int) blowfish(idx) 
compiler: cc -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -    DHAVE_DLFCN_H -m64 -DL_ENDIAN -DTERMIO -g -O2 -fstack-protector --param=ssp-buffer-size=4 -    Wformat -Werror=format-security -D_FORTIFY_SOURCE=2 -Wl,-Bsymbolic-functions -Wl,-z,relro -    Wa,--noexecstack -Wall -DOPENSSL_NO_TLS1_2_CLIENT -DOPENSSL_MAX_TLS1_2_CIPHER_LENGTH=50 -    DMD32_REG_T=int -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM
OPENSSLDIR: "/usr/lib/ssl"

Yet everytime I run version -a, it does not update the built on date to April 7.

Why is this. What commands can I run to upgrade the OPENSSL to 1.0.1g or to the latest build? Im using a Rackspace Ubuntu server.

Tyler Evans
  • 567
  • 1
  • 8
  • 25
  • Maybe the fixed version isn't available by apt-get yet. – Warren Dew Apr 12 '14 at 03:31
  • thanks Warren- so perhaps Rackspace havent update the fixed version? – Tyler Evans Apr 12 '14 at 03:44
  • It might be more that Debian's packages tend to lag a bit. Usually that means they are using more stable software, but in this case, it means they don't have the fix yet. The fix is, I believe, in 1.0.1g, so the version you are seeing is more than one version behind. – Warren Dew Apr 12 '14 at 03:47
  • `-DOPENSSL_NO_TLS1_2_CLIENT` - there's no need for this preprocessor macro. Its OK to support TLS 1.2 in 2014. The interop issues are no longer a concern. – jww Apr 12 '14 at 11:12
  • You might try `sudo apt-get dist-upgrade` – jww Apr 12 '14 at 11:18

0 Answers0