
Still getting F rating due to CCS vulnerability with OpenSSL 1.0.1h

Question asked by Dennis Mitchell on Jun 18, 2014
Latest reply on Jun 19, 2014 by Dennis Mitchell

Last time I updated my OpenSSL version to 1.0.1g I got an A- rating coz the Heartbleed bug was cured.

This time, after I updated to 1.0.1h I'm still getting an F due to the CCS vulnerability?!

 

Here is what I did (on a SLES):

mkdir /usr/local/openssl101h

mkdir /etc/ssl101h

cd /opt

tar xvf openssl-1.0.1h.tar.gz

cd openssl-1.0.1h

./config --prefix=/usr/local/openssl101h --openssldir=/etc/ssl101h shared

make

make install

 

vi /etc/bash.bashrc.local

changed to: export PATH=/usr/local/openssl101h/bin:$PATH

 

vi /etc/ld.so.conf

changed to: /usr/local/openssl101h/lib

 

Started new SSH session

 

openssl version   -> OpenSSL 1.0.1h 5 Jun 2014

 

/etc/init.d/apache2 stop

cd /opt/httpd-2

./configure --prefix=/usr/local/apache2 --sysconfdir=/etc/apache2 --with-mpm=worker --with-ssl=/usr/local/openssl101h --enable-mods-shared='actions alias auth_basic authn_file authz_host authz_groupfile authz_default authz_user authn_dbm autoindex dir env expires include log_config mime negotiation setenvif status ssl suexec userdir proxy proxy_http proxy_balancer deflate headers rewrite'

make

make install

/etc/init.d/apache2 start

 

All without warnings or errors.

Why am I still getting an F rating?!
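
A check that applies to the setup described in the question, added here as an example and not part of the original post: `openssl version` reports the command-line binary found on `PATH`, not the library a running Apache process has mapped, so this reads `/proc/<pid>/maps`-format text and reports any libssl/libcrypto loaded from outside the new prefix. The sample map lines and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: which libssl/libcrypto does a running httpd actually map?
# PREFIX is the OpenSSL install prefix used in the question.
PREFIX=/usr/local/openssl101h

# Print the unique libssl/libcrypto paths found in /proc/<pid>/maps-format input.
mapped_tls_libs() {
    awk '$6 ~ /\/lib(ssl|crypto)\.so/ { print $6 }' | sort -u
}

# Reads maps-format text on stdin. Exit status:
#   0 = every mapped TLS library lives under prefix $1
#   1 = at least one is loaded from elsewhere (those paths are printed)
#   2 = none mapped (static link, or the process has no SSL module loaded)
check_tls_prefix() {
    libs=$(mapped_tls_libs)
    [ -n "$libs" ] || return 2
    # Literal (non-regex) prefix comparison on each path.
    outside=$(printf '%s\n' "$libs" | awk -v p="$1/" 'index($0, p) != 1')
    [ -z "$outside" ] && return 0
    printf '%s\n' "$outside"
    return 1
}

# Constructed sample: a worker still resolving the distribution's libraries.
SAMPLE_STALE='7f10a0000000-7f10a0060000 r-xp 00000000 08:02 1311 /usr/lib64/libssl.so.1.0.0
7f10a0400000-7f10a05c0000 r-xp 00000000 08:02 1312 /usr/lib64/libcrypto.so.1.0.0
7f10a0800000-7f10a0830000 r-xp 00000000 08:02 2201 /usr/local/apache2/modules/mod_ssl.so'

# Constructed sample: a worker mapping the rebuilt 1.0.1h libraries.
SAMPLE_NEW='7f20b0000000-7f20b0060000 r-xp 00000000 08:02 3311 /usr/local/openssl101h/lib/libssl.so.1.0.0
7f20b0400000-7f20b05c0000 r-xp 00000000 08:02 3312 /usr/local/openssl101h/lib/libcrypto.so.1.0.0'

for s in "$SAMPLE_STALE" "$SAMPLE_NEW"; do
    rc=0
    printf '%s\n' "$s" | check_tls_prefix "$PREFIX" || rc=$?
    echo "status=$rc"
done

# Live use (as root), one check per httpd process:
#   for p in $(pgrep httpd); do check_tls_prefix "$PREFIX" < "/proc/$p/maps"; done
```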
