How to upgrade OpenSSL in CentOS 6 + Heartbleed

Posted: 1p in Linux

Folow the steps to upgrade OpenSSL in CentOS 6 server


mv /usr/bin/openssl /usr/bin/openssl.backup
cd /usr/src
wget https://www.openssl.org/source/openssl-1.0.1g.tar.gz
tar -zxf openssl-1.0.1g.tar.gz
cd openssl-1.0.1g
./config –prefix=/usr/local/myopenssl
make
make install
ln -s /usr/local/myopenssl/bin/openssl /usr/bin/openssl


Check the version
-=-=-=-
openssl version


Then you need to stop and start apache

/etc/init.d/httpd stop
/etc/init.d/httpd start

Check the SSH version and see the OpenSSL version it is compiled with.

sshd -v
OpenSSL 1.0.1c 10 May 2012

You may need to recompile SSH too with the new OpenSSL.


cd /usr/local/src/
wget ftp.aist-nara.ac.jp/pub/Linux/gentoo/distfiles/openssh-6.0p1.tar.gz
tar -zxf openssh-6.0p1.tar.gz
cd openssh-6.0p1
./configure –prefix=/usr –sysconfdir=/etc/ssh –with-ssl-dir=/usr/src/openssl-1.0.1g –with-pam –with-libs=-ldl –without-zlib-version-check –with-tcp-wrappers
make
make install
/sbin/service sshd restart

 

——————-

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s