Fix OpenSSL CCS vulnerability on Ubuntu 14.04
I just installed an SSL certificate from Let's Encrypt on one of my domains. Everything was fine, green lock icon on Chrome. But just to be sure, I checked the domain on ssllabs.com. And to my surprise, it has the worst rating, an F. It seems that my server is vulnerable to the OpenSSL CCS vulnerability (CVE-2014-0224).
My server runs Ubuntu 14.04. I tried to update the packages and install a new version of OpenSSL, but I couldn't find any, so I built it from source. But now that I have the latest version, I don't see any difference when I check the domain on SSLLabs; it is still rated F.
What should I do to fix this vulnerability once and for all?
Thanks.
You can check if your SSL is patched against the OpenSSL CCS vulnerability (CVE-2014-0224):
sudo apt-get changelog openssl | grep CVE-2014-0224
If no results are displayed then your server requires updating! Do the following:
sudo apt-get update
sudo apt-get install openssl libssl-dev
sudo openssl version -a
If you do get changelog results, or both openssl and libssl-dev are up to date, then it's likely because you haven't rebooted. Updating LibSSL requires a reboot. Simply do the following:
sudo reboot now
or use your server console to do so.
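One way to check the reboot point made in the answer above, as an added example that is not part of the original post: a process that loaded libssl before the package upgrade keeps the replaced file mapped, and Linux marks that mapping "(deleted)" in /proc/<pid>/maps. The function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# stale_tls_libs FILE
# FILE is in /proc/<pid>/maps format. Prints each distinct libssl/libcrypto
# path that is still mapped but has been replaced on disk ("(deleted)").
# Returns 0 if at least one was found, 1 otherwise.
stale_tls_libs() {
    awk '
        /\(deleted\)$/ && $6 ~ "/lib(ssl|crypto)[^/]*[.]so" {
            if (!seen[$6]++) print $6
            found = 1
        }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# scan_processes: run the check over every live process (root is needed to
# read other users' maps). Returns 0 if any process still uses an old library.
scan_processes() {
    status=1
    for maps in /proc/[0-9]*/maps; do
        libs=$(stale_tls_libs "$maps" 2>/dev/null) || continue
        pid=${maps#/proc/}; pid=${pid%/maps}
        name=$(cat "/proc/$pid/comm" 2>/dev/null) || name='?'
        printf 'pid %s (%s) still maps: %s\n' "$pid" "$name" "$(echo $libs)"
        status=0
    done
    return $status
}

# Constructed sample: maps lines for a server started before the upgrade.
constructed_sample() {
    cat <<'EOF'
7f3a1c000000-7f3a1c05a000 r-xp 00000000 08:01 131090 /lib/x86_64-linux-gnu/libssl.so.1.0.0 (deleted)
7f3a1c25a000-7f3a1c25e000 rw-p 0005a000 08:01 131090 /lib/x86_64-linux-gnu/libssl.so.1.0.0 (deleted)
7f3a1b800000-7f3a1b9b5000 r-xp 00000000 08:01 131085 /lib/x86_64-linux-gnu/libcrypto.so.1.0.0 (deleted)
7f3a1d000000-7f3a1d1bb000 r-xp 00000000 08:01 131200 /lib/x86_64-linux-gnu/libc-2.19.so
EOF
}

# Scan live processes only when invoked with "scan" as the first argument.
if [ "${1:-}" = scan ]; then scan_processes; fi
```

Run it as root with the argument `scan`; any process it lists is still using the pre-upgrade library until it is restarted or the machine is rebooted.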