Upgrade OpenSSL on Your DigitalOcean Ubuntu 12.04 Server to Protect Against Heartbleed
April 10, 2014
Heartbleed, a serious vulnerability in the popular OpenSSL cryptographic software library, is a hot topic right now. This weakness allows the theft of information that is normally protected by SSL/TLS. SSL/TLS, of course, provides communication security and privacy over the Internet for applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs).
The Verge does a great job of discussing the Heartbleed problem.
This morning I tested to see if my Ubuntu 12.04 DigitalOcean server was affected by Heartbleed and what I found was this: I was running one of the compromised versions of OpenSSL. Good news: the fix is quite easy to implement.
Step 1: Check Your Version of OpenSSL
You can check whether you have the latest version of OpenSSL by running this command, which prints the build date:
openssl version -b
To get a very specific look at your OpenSSL version, use this command instead:
dpkg -l | grep "openssl"
If the date on your version of OpenSSL is not more recent than Mon Apr 7 2014 and the version is 1.0.1, then you are vulnerable to the Heartbleed bug. If you used the "dpkg" command to find your version of OpenSSL, you'll want to make sure, for Ubuntu 12.04, that you're running at least OpenSSL version 1.0.1-4ubuntu5.12.
Step 2: Upgrade OpenSSL
Below are the commands you need to run on your Ubuntu server to fix this vulnerability.
First of all, update your repositories:
sudo apt-get update
Once that process has finished, upgrade OpenSSL:
sudo apt-get upgrade openssl
Once you have installed the latest version of OpenSSL, you may need to restart your server.
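To confirm the upgrade took effect, the script below (an added example, not part of the original post) compares the installed openssl and libssl1.0.0 package versions against 1.0.1-4ubuntu5.12 and lists processes that still map the old, now-deleted libssl and therefore keep running the old code until they are restarted. The libssl1.0.0 package name, the function names and the /proc check are this example's own and do not come from the post.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes Ubuntu 12.04, where the
# fixed package version is 1.0.1-4ubuntu5.12 (the version the post names).
FIXED="1.0.1-4ubuntu5.12"

# version_status VERSION -> prints "patched" or "vulnerable".
# Uses dpkg's own comparison when available, otherwise GNU sort -V.
version_status() {
    if command -v dpkg >/dev/null 2>&1; then
        if dpkg --compare-versions "$1" ge "$FIXED"; then
            echo patched
        else
            echo vulnerable
        fi
    else
        lowest=$(printf '%s\n%s\n' "$FIXED" "$1" | sort -V | head -n 1)
        if [ "$lowest" = "$FIXED" ]; then echo patched; else echo vulnerable; fi
    fi
}

# stale_libssl_pids [PROC_ROOT] -> prints PIDs that still map a libssl file
# deleted by the upgrade; those processes run the old code until restarted.
stale_libssl_pids() {
    root="${1:-/proc}"
    for maps in "$root"/[0-9]*/maps; do
        [ -r "$maps" ] || continue
        if grep -q 'libssl.*(deleted)' "$maps" 2>/dev/null; then
            pid=${maps%/maps}
            echo "${pid##*/}"
        fi
    done
}

# check_host: report on this machine (run as root to see every process).
check_host() {
    for pkg in openssl libssl1.0.0; do
        ver=$(dpkg-query -W -f='${Version}' "$pkg" 2>/dev/null) || ver=""
        if [ -n "$ver" ]; then
            echo "$pkg $ver: $(version_status "$ver")"
        else
            echo "$pkg: not installed (or dpkg-query unavailable)"
        fi
    done
    stale=$(stale_libssl_pids | tr '\n' ' ')
    echo "processes still using the old libssl: ${stale:-none}"
}

check_host
```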
Step 3: Regenerate Your Certificate
After you have confirmed that you are running a safe version of OpenSSL, you'll need to regenerate your certificate using a new private key. This SSL certificate tutorial from DigitalOcean guides you through the process of regenerating your certificate (check out step 3).