What should I do about the Heartbleed bug for the sites I run?
The recently announced Heartbleed bug in OpenSSL affects many sites (70% of the internet).
There's a website:
http://www.heartbleed.com
There's a web-based test:
http://filippo.io/Heartbleed/
What should I do to protect the sites that I run?
You should:
- Update your system to the latest OpenSSL version
- Generate new keys and certificates for services relying on OpenSSL and restart them
- Revoke former certificates
- Invalidate all established sessions
Stolen from a reddit comment.
-
Update your system:
sudo apt-get update sudo apt-get upgrade
Reboot the server
openssl version -a
to make sure you have the latest version!!