OpenSSL heartbleed

 
Post new topic   Reply to topic    Aprelium Forum Index -> SSL/Certificates
View previous topic :: View next topic  
Author Message
boris
-


Joined: 01 Jan 2013
Posts: 15

PostPosted: Wed Apr 09, 2014 6:45 pm    Post subject: OpenSSL heartbleed Reply with quote

Does the OpenSSL heartbleed bug affect Abyss ?
Back to top View user's profile Send private message
admin
Site Admin


Joined: 03 Mar 2002
Posts: 958

PostPosted: Wed Apr 09, 2014 7:10 pm    Post subject: Re: OpenSSL heartbleed Reply with quote

boris wrote:
Does the OpenSSL heartbleed bug affect Abyss ?


Please check our official position regarding that issue http://www.aprelium.com/forum/viewtopic.php?t=355665 (published this morning.)
_________________
Follow @abyssws on Twitter
Subscribe to our newsletter
_________________
Forum Administrator
Aprelium - https://aprelium.com
Back to top View user's profile Send private message
Paul123
-


Joined: 31 Jan 2009
Posts: 13

PostPosted: Thu Apr 10, 2014 9:27 am    Post subject: Re: OpenSSL heartbleed Reply with quote

admin wrote:
boris wrote:
Does the OpenSSL heartbleed bug affect Abyss ?


Please check our official position regarding that issue http://www.aprelium.com/forum/viewtopic.php?t=355665 (published this morning.)


X2 now patched with updated dlls. Thanks support.

For anyone interested in checking "other" web servers, I have tried a few heartbleed validation websites and https://ssltools.websecurity.symantec.com/checker/views/certCheck.jsp
seems to be reliable at detection.
Back to top View user's profile Send private message
boris
-


Joined: 01 Jan 2013
Posts: 15

PostPosted: Sun Apr 13, 2014 2:03 pm    Post subject: PHP 5.5.11 Reply with quote

the PHP pre-configured packages you have available contain OpenSSL 1.0.1f (the vulnerable versions), not the 1.0.1g

I realize PHP has not released a new version of PHP, but your pre-configured packages should probably be rebuilt ? :)
Back to top View user's profile Send private message
admin
Site Admin


Joined: 03 Mar 2002
Posts: 958

PostPosted: Mon Apr 14, 2014 4:06 pm    Post subject: Re: PHP 5.5.11 Reply with quote

boris wrote:
the PHP pre-configured packages you have available contain OpenSSL 1.0.1f (the vulnerable versions), not the 1.0.1g

I realize PHP has not released a new version of PHP, but your pre-configured packages should probably be rebuilt ? :)


Replacing the OpenSSL DLLs with those in the package linked to above is the way to go. Please note also that unless you're writing a server software with PHP (in which case you're not doing simple PHP Web scripting), you won't have any issue with that language. Heartbleed is bug with a limited scope and it doesn't include general PHP scripting.
_________________
Follow @abyssws on Twitter
Subscribe to our newsletter
_________________
Forum Administrator
Aprelium - https://aprelium.com
Back to top View user's profile Send private message
admin
Site Admin


Joined: 03 Mar 2002
Posts: 958

PostPosted: Mon Apr 14, 2014 4:11 pm    Post subject: Re: PHP 5.5.11 Reply with quote

Abyss Web Server 2.9.3 has just been released. Users of previous version should upgrade as soon as possible to fix the Heartbleed issue.

http://www.aprelium.com/news/abws293.html
_________________
Follow @abyssws on Twitter
Subscribe to our newsletter
_________________
Forum Administrator
Aprelium - https://aprelium.com
Back to top View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic    Aprelium Forum Index -> SSL/Certificates All times are GMT + 1 Hour
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Powered by phpBB phpBB Group