How to Fix Heartbleed Vulnerability?

OpenSSL, the widely used library that encrypts web communication, was found to have a serious security flaw named the “Heartbleed bug”. Filippo Valsorda has implemented a testing tool, http://filippo.io/Heartbleed/, which checks whether your website is affected. Here we provide a solution to fix the Heartbleed issue; before that, let us understand Heartbleed in detail.

The Heartbleed bug has affected many websites because it lets an attacker read the memory of a vulnerable host. The bug compromised the private keys used on hosts running vulnerable OpenSSL versions. To fix the Heartbleed bug, users have to update their older OpenSSL versions and revoke any previous keys. We present here a procedure to update the system to a secure OpenSSL version.

Step: 1

Update OpenSSL version

For Ubuntu and Debian system update:

If you are using Ubuntu or Debian, follow the steps below to update your system.

sudo apt-get update
sudo apt-get dist-upgrade

Running the above commands updates your entire system. However, if you want to upgrade only the affected packages, then type the following commands.

sudo apt-get install --only-upgrade openssl
sudo apt-get install --only-upgrade libssl1.0.0

For CentOS and Fedora update:

Type the following command to update the entire system.

yum update

If you wish to update only the affected OpenSSL packages, type the command below.

yum update openssl

For a 64-bit System Update:

If you run a 64-bit Fedora 19 system, type the commands below to download the patched build directly from Koji (Fedora's build system) and install it.

yum -y install koji
koji download-build --arch=x86_64 openssl-1.0.1e-37.fc19.1
yum localinstall openssl-1.0.1e-37.fc19.1.x86_64.rpm

For a 32-bit System Update:

If you run a 32-bit Fedora 19 system, type the commands below to download the patched build directly from Koji and install it.

yum -y install koji
koji download-build --arch=i686 openssl-1.0.1e-37.fc19.1
yum localinstall openssl-1.0.1e-37.fc19.1.i686.rpm

For Arch Linux Update:

If you have Arch Linux, type the following command. Please update the entire system rather than only the affected packages: Arch Linux is a rolling-release system where partial upgrades are unsupported and easily leave the system unstable.

sudo pacman -Syu

After updating the system, reboot your machine so that every running service loads the patched library instead of the old copy still in memory. To do so, type the following command.

sudo shutdown -r now

How can you check the updated version of OpenSSL?

After updating, check the installed OpenSSL version with the command for your distribution.

For Debian release and fix versions:

Type the command below to get the installed version of OpenSSL.

dpkg -l | grep "openssl"

After typing the above command, you will receive output like the following.

ii  openssl    1.0.1e-2+deb7u6    amd64    Secure Socket Layer (SSL) binary and related cryptographic tools

If your OpenSSL version is at least as recent as the version listed below for your distribution, you should be protected:

  • Debian 6 (Squeeze): Unaffected (Shipped with older version prior to vulnerability)
  • Debian 7 (Wheezy): 1.0.1e-2+deb7u6
  • Debian testing (Jessie): 1.0.1g-1
  • Debian unstable (Sid): 1.0.1g-1

For Ubuntu release and fix versions:

For Ubuntu users, the correct, patched version is also release-dependent. Use this list to see the minimum secure version for your release:

  • Ubuntu 10.04: Unaffected (Shipped with older version prior to vulnerability)
  • Ubuntu 12.04: 1.0.1-4ubuntu5.12
  • Ubuntu 12.10: 1.0.1c-3ubuntu2.7
  • Ubuntu 13.04: SUPPORT END OF LIFE REACHED, SHOULD UPGRADE
  • Ubuntu 13.10: 1.0.1e-3ubuntu1.2

If you are on one of the supported distributions, ensure that your OpenSSL version is up to date. If your distribution is no longer supported (Ubuntu 13.04), it is highly recommended that you move to a supported operating system, given this bug’s severity.

For CentOS and Fedora Releases and Fix Versions

For CentOS and Fedora systems, type the following command.

rpm -q -a | grep "openssl"

After typing the above command, you will receive output that looks like this:

openssl-1.0.1e-16.el6_5.7.x86_64

The protected versions for CentOS and Fedora systems are listed below.

  • CentOS 5: Unaffected (Shipped with older version prior to vulnerability)
  • CentOS 6: openssl-1.0.1e-16.el6_5.7
  • Fedora 17: Unaffected (Shipped with older version prior to vulnerability)
  • Fedora 19: openssl-1.0.1e-37.fc19.1

For Arch Linux Fix Versions:

To check the installed version of OpenSSL, type the command below.

pacman -Q | grep "openssl"

After that, you will receive output that looks like this:

openssl 1.0.1.g-1
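The per-distribution checks above can be tied together in one script. This is an added example, not part of the original article: it uses the package queries and the minimum fixed versions the article lists, reads the distribution name and release from /etc/os-release (an assumption: CentOS 6 and older releases lack that file, so the distribution and release can also be passed as arguments), compares versions with GNU sort's version ordering, and additionally lists processes that still map a deleted, pre-upgrade libssl, which is the reason the article asks for a reboot.

```shell
#!/bin/sh
# Added example (not from the original article): report whether the installed
# OpenSSL package is at or above the fixed version the article lists for this
# distribution, and which processes still run the old library.
# Usage: sh check_heartbleed.sh [distro-id] [release]   e.g.  sh check_heartbleed.sh centos 6

# Minimum fixed package version per distribution/release, copied from the
# article's tables. Prints "unaffected" for releases that shipped an OpenSSL
# older than the bug, "eol" for a release that is out of support, nothing if unknown.
min_fixed_version() {
    case "$1:$2" in
        debian:6*)                 echo unaffected ;;
        debian:7*)                 echo "1.0.1e-2+deb7u6" ;;
        debian:jessie|debian:sid)  echo "1.0.1g-1" ;;
        ubuntu:10.04)              echo unaffected ;;
        ubuntu:12.04)              echo "1.0.1-4ubuntu5.12" ;;
        ubuntu:12.10)              echo "1.0.1c-3ubuntu2.7" ;;
        ubuntu:13.04)              echo eol ;;
        ubuntu:13.10)              echo "1.0.1e-3ubuntu1.2" ;;
        centos:5*)                 echo unaffected ;;
        centos:6*)                 echo "1.0.1e-16.el6_5.7" ;;
        fedora:17)                 echo unaffected ;;
        fedora:19)                 echo "1.0.1e-37.fc19.1" ;;
        arch:*)                    echo "1.0.1.g-1" ;;
        *) ;;
    esac
}

# Returns 0 when version $1 sorts at or after $2 (GNU sort -V ordering, so
# "deb7u10" correctly ranks above "deb7u6").
version_at_least() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | tail -n 1)" = "$1" ]
}

# Installed openssl package version, using the article's query tool per distro.
installed_openssl_version() {
    case "$1" in
        debian|ubuntu)      dpkg-query -W -f='${Version}' openssl 2>/dev/null ;;
        centos|fedora|rhel) rpm -q --qf '%{VERSION}-%{RELEASE}' openssl 2>/dev/null ;;
        arch)               pacman -Q openssl 2>/dev/null | awk '{print $2}' ;;
    esac
}

# Turn an installed version and a table entry into a one-line verdict.
verdict() {
    installed=$1; minimum=$2
    case "$minimum" in
        "")         echo "unknown release: compare against your vendor's advisory manually" ;;
        unaffected) echo "unaffected" ;;
        eol)        echo "release is end of life: upgrade the operating system" ;;
        *) if version_at_least "$installed" "$minimum"; then
               echo "patched"
           else
               echo "VULNERABLE (installed $installed is older than fixed $minimum)"
           fi ;;
    esac
}

# PIDs whose memory map still references a deleted libssl: they keep the
# vulnerable code loaded until restarted (or until the reboot the article asks for).
stale_libssl_processes() {
    grep -l 'libssl.*(deleted)' /proc/[0-9]*/maps 2>/dev/null | cut -d/ -f3 | sort -u
}

main() {
    if [ -r /etc/os-release ]; then
        . /etc/os-release          # sets ID and VERSION_ID on systemd-era releases
    fi
    distro=${1:-${ID:-unknown}}; release=${2:-${VERSION_ID:-unknown}}
    version=$(installed_openssl_version "$distro")
    echo "distro=$distro release=$release openssl=${version:-not found}"
    verdict "$version" "$(min_fixed_version "$distro" "$release")"
    stale=$(stale_libssl_processes)
    if [ -n "$stale" ]; then
        echo "processes still using the old libssl (restart them or reboot): $stale"
    fi
}

main "$@"
```

The script only reads package metadata and /proc, so it is safe to run on a production host; a "patched" verdict together with an empty stale-process list is the state the rest of the article's steps assume before new keys are installed.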

IIS and HeartBleed

If your website or application runs on the Windows operating system and IIS, you don’t need to worry about the Heartbleed vulnerability. Here is the excerpt from the official blog post published on IIS.net:

Microsoft Account and Microsoft Azure, along with most Microsoft Services, were not impacted by the OpenSSL vulnerability. Windows’ implementation of SSL/TLS was also not impacted.


The default configuration of Windows does not include OpenSSL, so it is not affected by this vulnerability. The Windows operating system and IIS have their own encryption component, known as Secure Channel (SChannel), and it is not vulnerable to the Heartbleed bug.

Important Note:

If you are running any application, website or software on Windows that uses OpenSSL instead of SChannel, it may be vulnerable, and we recommend following the guidelines in this article to fix the Heartbleed vulnerability.

Step: 2

Delete SSL key set

  • First, make a list of the websites that are equipped with SSL certificates.
  • After that, delete all existing SSL key material: the private key and the CSR.
  • Finally, create a new private key and CSR for each of your websites. Remember that your keys should be of 2048-bit key length.

Step: 3

Reissue/regenerate SSL key

If you are a customer of ClickSSL, do not worry: read the following to regenerate/reissue your SSL certificate. The steps to reissue/regenerate the SSL certificate are as follows.

  1. Log in to your account.
  2. Click on the order number to open the order details.
  3. Click on the SSL reissue button.
  4. Follow the next steps to reissue the SSL certificate.

Otherwise, to reissue or regenerate your SSL certificate, consult your SSL certificate provider.

Step: 4

Install new SSL keys on server

Step: 5

Check your website for Heartbleed bug after installing the new SSL keys.
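Steps 2, 4 and 5 above can be carried out and verified with the openssl command-line tool. This is an added example, not code from the article or from ClickSSL: it generates a fresh 2048-bit RSA private key and CSR for a site, confirms the key and CSR belong together, confirms the new key differs from the old one, and, once the reissued certificate is installed, confirms that the live server presents a certificate for the new key rather than the compromised one. The hostname www.example.com, the file names and the output directory are this example's assumptions.

```shell
#!/bin/sh
# Added example (not from the original article): new key and CSR for Step 2,
# plus the checks for Steps 4 and 5.
# Usage: sh rotate_ssl_key.sh www.example.com /etc/ssl/private

# Create a new private key and CSR. 2048-bit RSA is the minimum the article
# requires; the old key is never reused because Heartbleed may have leaked it.
new_key_and_csr() {
    host=$1; dir=${2:-.}
    umask 077                     # the new private key must not be world-readable
    openssl req -new -newkey rsa:2048 -nodes \
        -keyout "$dir/$host.key" -out "$dir/$host.csr" \
        -subj "/CN=$host" 2>/dev/null
}

# Key size in bits as reported by openssl (works for 1.x and 3.x output formats).
key_bits() {
    openssl rsa -in "$1" -noout -text 2>/dev/null \
        | sed -n 's/.*Private-Key: (\([0-9]*\) bit.*/\1/p'
}

# SHA-256 of the RSA modulus of a PEM key, CSR or certificate read from stdin;
# kind is rsa, req or x509. Equal digests mean the same key pair.
modulus_of() {
    openssl "$1" -noout -modulus | openssl sha256 | awk '{print $NF}'
}

# 0 when the private key and the CSR share a modulus (Step 2 sanity check).
key_matches_csr() {
    [ "$(modulus_of rsa < "$1")" = "$(modulus_of req < "$2")" ]
}

# 0 when the new key is genuinely different from the old one (Step 2).
key_replaced() {
    [ "$(modulus_of rsa < "$1")" != "$(modulus_of rsa < "$2")" ]
}

# 0 when the certificate the server presents for host (via SNI) was issued for
# the given private key (Steps 4 and 5: the new certificate is really in use).
server_uses_key() {
    host=$1; key=$2
    served=$(printf '' | openssl s_client -connect "$host:443" -servername "$host" 2>/dev/null \
             | modulus_of x509)
    [ -n "$served" ] && [ "$served" = "$(modulus_of rsa < "$key")" ]
}

main() {
    host=$1; dir=${2:-.}
    new_key_and_csr "$host" "$dir" || { echo "key generation failed"; return 1; }
    echo "generated $dir/$host.key ($(key_bits "$dir/$host.key") bit) and $dir/$host.csr"
    key_matches_csr "$dir/$host.key" "$dir/$host.csr" && echo "key and CSR match"
    echo "submit $dir/$host.csr to your CA for reissue; after installing the new"
    echo "certificate run: server_uses_key $host $dir/$host.key"
}

if [ $# -gt 0 ]; then
    main "$@"
fi
```

server_uses_key needs network access to the site, so it is the only function not exercised offline; the remaining checks run entirely on local files. A server that still answers with the old key after the certificate swap usually means the web server was not restarted after installing the new files.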

