OpenSSL Project | The Heartbleed Bug

By Webner

The OpenSSL Project is an open source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS) protocols, as well as a general-purpose cryptography library. It contains the following vulnerability:

The vulnerability allows stealing information that is, under normal conditions, protected by the SSL/TLS encryption used to secure the Internet. An attacker can use a padding oracle attack to decrypt traffic when the connection uses an AES CBC cipher and the server supports AES-NI.

Affected Versions: OpenSSL 1.0.2 prior to OpenSSL 1.0.2h, and OpenSSL 1.0.1 prior to OpenSSL 1.0.1t.

Solution: Affected users should upgrade OpenSSL.

Check the existing version of OpenSSL using this command:

# openssl version -a

Steps to upgrade OpenSSL version:

1. wget https://www.openssl.org/source/openssl-1.0.2j.tar.gz
2. tar -xvf openssl-1.0.2j.tar.gz
3. cd openssl-1.0.2j/
4. ./config --prefix=/usr/
5. sudo apt-get install make
6. sudo apt-get install gcc
7. make
8. make install
9. Now run openssl version -a again to check the version.
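
To turn the version check into a pass/fail test against the affected ranges listed above, the following added example (not part of the original post) parses `openssl version` output and compares the patch letter with the fixed releases 1.0.2h and 1.0.1t. The helper names `parse_version` and `classify_version`, the result labels, and the sample lines are assumptions made for this example.

```shell
#!/bin/sh
# Added example: classify an OpenSSL version against the ranges in this post.
LC_ALL=C; export LC_ALL    # byte-order comparison of patch letters

# Extract the bare version ("1.0.2g") from `openssl version` output,
# e.g. "OpenSSL 1.0.2g-fips  1 Mar 2016" -> "1.0.2g".
parse_version() {
    printf '%s\n' "$1" | sed -n 's/^OpenSSL \([0-9][0-9.]*[a-z]*\).*/\1/p'
}

# Print affected, not-affected, not-listed (branch not named in the post)
# or unknown (no version could be parsed).
classify_version() {
    ver=$1
    base=$(printf '%s' "$ver" | sed 's/[a-z]*$//')   # numeric part, e.g. 1.0.2
    letter=${ver#"$base"}                             # patch letter(s), may be empty
    case $base in
        '')    echo unknown; return ;;
        1.0.2) fixed=h ;;                             # fixed in 1.0.2h
        1.0.1) fixed=t ;;                             # fixed in 1.0.1t
        *)     echo not-listed; return ;;
    esac
    case $letter in
        '')    echo affected ;;                       # base release, no letter yet
        [a-z]) if expr "$letter" \< "$fixed" >/dev/null; then
                   echo affected
               else
                   echo not-affected
               fi ;;
        *)     echo not-affected ;;                   # two-letter suffixes follow z
    esac
}

# Constructed sample lines in the format `openssl version` prints.
for line in 'OpenSSL 1.0.2g  1 Mar 2016' 'OpenSSL 1.0.1t  3 May 2016' \
            'OpenSSL 1.0.2j  26 Sep 2016'; do
    v=$(parse_version "$line")
    printf '%-8s %s\n' "$v" "$(classify_version "$v")"
done

# Against the installed binary:
#   classify_version "$(parse_version "$(openssl version)")"
```

Distribution packages often backport fixes without changing the version letter, so an "affected" result for a packaged OpenSSL should be confirmed against the package changelog before rebuilding from source.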
