Upgrade OpenSSL on Your DigitalOcean Ubuntu 12.04 Server to Protect Against Heartbleed

April 10, 2014

Heartbleed, a serious vulnerability in the popular OpenSSL cryptographic software library, is a hot topic right now. This weakness allows the theft of information that is normally protected by SSL/TLS. SSL/TLS, of course, provides communication security and privacy over the Internet for applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs).

The Verge does a great job of discussing the Heartbleed problem.

This morning I tested to see if my Ubuntu 12.04 DigitalOcean server was affected by Heartbleed and what I found was this: I was running one of the compromised versions of OpenSSL. Good news: the fix is quite easy to implement.

Step 1: Check Your Version of OpenSSL

You can check whether you have the latest version of OpenSSL by looking at its build date with this command:

openssl version -b

To get a very specific look at your OpenSSL version, use this command instead:

dpkg -l | grep "openssl"

If the date on your version of OpenSSL is not more recent than Mon Apr 7 2014 and the version is 1.0.1, then you are vulnerable to the Heartbleed bug. If you used the "dpkg" command to find your version of OpenSSL, you'll want to make sure, for Ubuntu 12.04, that you're running at least OpenSSL version 1.0.1-4ubuntu5.12.

Step 2: Upgrade OpenSSL

Below are the commands you need to run on your Ubuntu server to fix this vulnerability.

First of all, update your repositories:

sudo apt-get update

Once that process has finished, upgrade OpenSSL:

sudo apt-get upgrade openssl

Once you have installed the latest version of OpenSSL, you may need to restart your server so that services which were already running load the patched library.
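To confirm that the upgrade took effect, the script below compares the installed package version against the 1.0.1-4ubuntu5.12 threshold from Step 1 and lists processes that still have the old library loaded. It is an added example, not part of the original post; the function names, the --report flag and the libssl1.0.0 package name are assumptions.

```bash
#!/bin/sh
# Added example (not from the original post): confirm the Heartbleed fix
# on Ubuntu 12.04 after upgrading.
FIXED="1.0.1-4ubuntu5.12"   # minimum safe 12.04 package version per this article

# version_ge A B: succeed when package version A >= B.
version_ge() {
    if command -v dpkg >/dev/null 2>&1; then
        dpkg --compare-versions "$1" ge "$2"
    else
        # Fallback so the function also runs off Debian/Ubuntu: version sort
        # orders the 1.0.1-4ubuntuN.M strings used here the same way dpkg does.
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
    fi
}

# classify VERSION: print patched, vulnerable, or unknown (not a 12.04 1.0.1 build).
classify() {
    case "$1" in
        1.0.1-*) if version_ge "$1" "$FIXED"; then echo patched; else echo vulnerable; fi ;;
        *)       echo unknown ;;
    esac
}

# stale_libssl_pids: PIDs that still map a libssl file replaced on disk,
# i.e. services started before the upgrade. Run as root to see all processes.
stale_libssl_pids() {
    grep -l 'libssl.*(deleted)' /proc/[0-9]*/maps 2>/dev/null | cut -d/ -f3
}

# report: check the installed packages and list processes needing a restart.
# Assumption: libssl1.0.0 is the package that ships the shared library on 12.04.
report() {
    for pkg in openssl libssl1.0.0; do
        v=$(dpkg-query -W -f='${Version}' "$pkg" 2>/dev/null) || v=""
        echo "$pkg ${v:-not-installed}: $(classify "${v:-none}")"
    done
    pids=$(stale_libssl_pids) || pids=""
    if [ -n "$pids" ]; then
        echo "restart these PIDs (old libssl still loaded):" $pids
    fi
}

if [ "${1:-}" = "--report" ]; then report; fi
```

Run it with sudo and the --report argument on the server; any PIDs it lists belong to services that need a restart before the fix applies to them.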

Step 3: Regenerate Your Certificate

After you have confirmed that you are running a safe version of OpenSSL, you'll need to regenerate your certificate using a new private key. This SSL certificate tutorial from DigitalOcean guides you through the process of regenerating your certificate (check out step 3).