What should I do about the Heartbleed bug for the sites I run?

openssl heartbleed

The recently announced Heartbleed bug in OpenSSL affects many sites (70% of the internet).

There's a website:

http://www.heartbleed.com

There's a web-based test:

http://filippo.io/Heartbleed/

What should I do to protect the sites that I run?


You should:

  • Update your system to the latest OpenSSL version
  • Generate new keys and certificates for services relying on OpenSSL and restart them
  • Revoke former certificates
  • Invalidate all established sessions

Stolen from a reddit comment.

  1. Update your system:

    sudo apt-get update
sudo apt-get upgrade

  2. Reboot the server

  3. openssl version -a to make sure you have the latest version!!

Related

uninstall libc6 package by dpkg
HTML5 video playback is choppy and corrupted in Firefox
How to configure macOS Network settings per connection
Shortcut for text mode in Word equation editor
How do I show only the print area in Excel and grey out the rest?
What is the difference between start button shut down and command line shut down?
Remove exposed port from docker
Confirm a tmux option is set
How to connect to VPN through Proxy Server
Hide Username Button in Chrome [duplicate]
Does Wake-on-LAN via WAN needs port forwarding?
shell: "can't shift that many" error